Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: Decrypting Eternal September's NNTP-POSTING-HOST

48 views
Skip to first unread message
Message has been deleted

Mike Easter

unread,
Apr 29, 2011, 10:12:03 PM4/29/11
to
Sqwertz wrote:
> I'm pretty green when it comes to encryption so excuse me if this
> seems like a "How do I guess somebody's email password"-type question.
>
> When someone posts using the same IP address (and/or account login
> name), the string is scrambled by a consistent algorithm so that the
> strings are identical over multiple posts, but change when at least I[
> is changed.

Disclaimer: I have no idea how e-s derives its stamped posting host or
posting account info.

A hash works like that, to prevent easy decoding.

That is, if you knew your IP address and the e-s encrypted/hashed
result, it would be 'computationally infeasible' for you to take some
other encrypted/hashed result and derive its (unknown) IP address.

There are a lot of different ways to hash something; one would assume
some computationally simple hash function so that it could be done
'instantaneously' on the fly without using any real resources.

> And it's a fairly short string (22 characters made up of a set of 60
> or less characters. Wouldn't this make it easy to decrypt through
> some magic decryptifier decoder ring like those found in Alpha-bits
> cereal boxes?

No. In my ignorance of what is actually done, my guess (based on hash
function traits) is that it would not be at all easy unless you knew the
hash function.


http://en.wikipedia.org/wiki/Hash_function


--
Mike Easter

Steve Crook

unread,
Apr 30, 2011, 6:49:41 AM4/30/11
to
On Fri, 29 Apr 2011 20:39:45 -0500, Sqwertz wrote in
Message-Id: <1qhjy795...@sqwertz.com>:

> When someone posts using the same IP address (and/or account login
> name), the string is scrambled by a consistent algorithm so that the
> strings are identical over multiple posts, but change when at least I[

> is changed. Unlike the strings used by giganews, readnews, etc..
> where each post has a unique string (past the first 4 characters
> "sv3-" unique string.
ES probably uses a one-way hash, like MD5 or SHA1. It probably also
uses a "salt"[1] to prevent anyone from hashing the entire ipv4 address
range to find collisions.

> And it's a fairly short string (22 characters made up of a set of 60
> or less characters. Wouldn't this make it easy to decrypt through
> some magic decryptifier decoder ring like those found in Alpha-bits
> cereal boxes?

60^22 presents a 40 digit number of combinations. Even if it was a
basic encryption algorithm, it would be computationally infeasible to
decrypt. As it's almost certainly using a one-way hash, it's probably
safe to say it's impossible to obtain the actual address from the hash
output.

[1] http://en.wikipedia.org/wiki/Salt_(cryptography)

Message has been deleted
Message has been deleted

Tony

unread,
May 1, 2011, 5:58:58 PM5/1/11
to
In news.software.readers, Sqwertz <swe...@cluemail.compost> wrote:

>On Sat, 30 Apr 2011 10:49:41 +0000 (UTC), Steve Crook wrote:
>
>> 60^22 presents a 40 digit number of combinations. Even if it was a
>> basic encryption algorithm, it would be computationally infeasible to
>> decrypt. As it's almost certainly using a one-way hash, it's probably
>> safe to say it's impossible to obtain the actual address from the hash
>> output.
>>
>> [1] http://en.wikipedia.org/wiki/Salt_(cryptography)
>

>But presumably it's decipherable. Otherwise how would they use it to
>decode sombody's IP/account name VIA full headers in the case of
>complaints?
>
>Like I said, I'm no expert on encryption theory so thanks for anyone's
>patience.

It's likely not a hash, but rather encrypted using a salt and a key. You
need to know both to decrypt it. The salt could change each time but could
be determined historically if you know where to look. They key could be
changed on a rotation as long as you can work out which key you used at the
relevant moment.

I'm guessing however.
--
Tony Evans
Saving trees and wasting electrons since 1993
blog -> http://perceptionistruth.com/
books -> http://www.bookthing.co.uk/
[ anything below this line wasn't written by me ]

Steve Crook

unread,
May 2, 2011, 6:11:44 AM5/2/11
to
On Sun, 1 May 2011 15:28:09 -0500, Sqwertz wrote in
Message-Id: <1kka7w3d...@sqwertz.com>:

> But presumably it's decipherable. Otherwise how would they use it to
> decode sombody's IP/account name VIA full headers in the case of
> complaints?

They don't need to decrypt anything to know who posted what, it's all
recorded in log files. The Posting-Host header just serves to link
articles to a common source, usually as a means to seed EMP filters.

To answer your question specifically, no, it's very unlikely that it's
decipherable.

0 new messages