zlacker

[parent] [thread] 4 comments
1. xvecto+(OP)[view] [source] 2021-06-05 23:33:26
I think if we use a difficult enough hash function it should be okay? With 4 billion IPv4 addresses it would take 120+ years to iterate through all of them. You could probably rotate the nonce periodically, making it effectively worthless to pre-compute any table. But this gets complicated fast.
replies(3): >>rpadov+Q2 >>someth+t4 >>kadoba+Ye
2. rpadov+Q2[view] [source] 2021-06-06 00:08:21
>>xvecto+(OP)
Why 120 years? It is easily parallelized, and with any cloud provider you can launch hundreds of thousands of computing units in seconds. I'd say, as a private citizen, I can create a rainbow table of the IPv4 space in half a day, more or less?
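The enumeration argument in the comment above, as an added example written for this page (Python; not code from anyone in the thread): it pseudonymizes IPv4 addresses with a salted SHA-256 where the salt is stored next to the logs, builds the pseudonym-to-address table for one /24, reverses a pseudonym by lookup, and times a /16 so the single-core cost of the full 2^32 space can be extrapolated. The salt value and the networks are constructed for the demo.

```python
import hashlib
import ipaddress
import time

# Constructed value: the salt a log pipeline would keep alongside the hashes.
SALT = b"example-log-salt-2021-06"


def pseudonymize(ip: str, salt: bytes = SALT) -> str:
    """Salted SHA-256 of the dotted-quad text, hex-encoded."""
    return hashlib.sha256(salt + ip.encode("ascii")).hexdigest()


def build_table(network: str, salt: bytes = SALT) -> dict:
    """Precompute pseudonym -> address for every address in `network`.

    Anyone holding the salt can do this for all of IPv4 (2**32 rows);
    the table for a /24 is 256 rows and is built here almost instantly.
    """
    return {pseudonymize(str(ip), salt): str(ip)
            for ip in ipaddress.ip_network(network)}


def reverse(pseudonym: str, table: dict):
    """Look the pseudonym up; None if the address lies outside the table."""
    return table.get(pseudonym)


def measure_rate(sample_network: str = "10.0.0.0/16", salt: bytes = SALT) -> float:
    """Hashes per second on one core, measured over a sample network."""
    net = ipaddress.ip_network(sample_network)
    start = time.perf_counter()
    for ip in net:
        pseudonymize(str(ip), salt)
    return net.num_addresses / (time.perf_counter() - start)


def full_space_hours(rate_per_second: float, cores: int = 1) -> float:
    """Wall-clock hours to hash all 2**32 addresses at the given rate,
    assuming the work parallelizes perfectly across `cores`."""
    return 2 ** 32 / (rate_per_second * cores) / 3600


if __name__ == "__main__":
    table = build_table("192.0.2.0/24")
    pseudonym = pseudonymize("192.0.2.17")
    print("reversed:", reverse(pseudonym, table))
    rate = measure_rate()
    print(f"{rate:,.0f} hashes/s on one core")
    print(f"full IPv4 space: {full_space_hours(rate):.2f} h on one core, "
          f"{full_space_hours(rate, 1000):.4f} h on 1000 cores")
```

The rate printed is for interpreted Python calling OpenSSL one address at a time; a native hashing loop or a GPU is orders of magnitude faster, so the extrapolated figure is an upper bound on what an attacker with the salt needs.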
3. someth+t4[view] [source] 2021-06-06 00:28:58
>>xvecto+(OP)
Except you are still storing the nonce/salt (not sure which you are proposing)...which means you can reverse it, so the data is subpoenable. It doesn't really buy anyone anything, in this scenario. It could help if the logs were stolen, but that isn't what is being discussed here.
4. kadoba+Ye[view] [source] 2021-06-06 02:35:15
>>xvecto+(OP)
You could try to do a more difficult hash or something (bcrypt maybe?) but I don't know if it's a very good idea. I think you'd spike your latency, open yourself to DoS attacks or only minorly inconvenience anyone reversing the hashes, or some combination of those.
replies(1): >>xxs+rK
5. xxs+rK[view] [source] [discussion] 2021-06-06 10:51:01
>>kadoba+Ye
>(bcrypt maybe?) but I don't know if it's a very good idea

b/scrypt and all other password grade hashes are slow on purpose, but they are slow per use. Imagine the processing takes 0.1s (which is on the low side of hardness) per request - you just killed all your servers w/o any designated DoS. If you abandon the nonce and use the same salt multiple times (so the computation is amortized), it'd take a replicated cache of IP->hash, and even then it still doesn't accomplish much...
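The per-request cost and the IP->hash cache described in the comment above, as an added example written for this page (Python; not code from anyone in the thread). PBKDF2-HMAC from the standard library stands in for bcrypt/scrypt so nothing needs installing; an HMAC-SHA256 pseudonym is timed beside it for contrast. It measures seconds per call for each, memoises per address so a repeated client costs one slow hash rather than one per request, and expresses the attacker's cost for the 2^32 space in the same seconds-per-guess unit. The salt, key, iteration count and log lines are all constructed for the demo.

```python
import hashlib
import hmac
import time

# Constructed secrets for the demo; a real deployment would load them from a KMS.
SALT = b"example-salt"
KEY = b"example-hmac-key-32-bytes-long!!"

# Chosen so one call is noticeably slow on a laptop. PBKDF2 is used only
# because it ships with Python; bcrypt/scrypt behave the same way per call.
ITERATIONS = 200_000


def slow_pseudonym(ip: str, salt: bytes = SALT, iterations: int = ITERATIONS) -> str:
    """Password-grade (deliberately slow) pseudonym of one address."""
    return hashlib.pbkdf2_hmac("sha256", ip.encode("ascii"), salt, iterations).hex()


def fast_pseudonym(ip: str, key: bytes = KEY) -> str:
    """Keyed fast pseudonym; microseconds per call."""
    return hmac.new(key, ip.encode("ascii"), hashlib.sha256).hexdigest()


def seconds_per_call(func, ip: str = "203.0.113.9", repeats: int = 3) -> float:
    """Average wall-clock seconds for one call of `func` on one address."""
    start = time.perf_counter()
    for _ in range(repeats):
        func(ip)
    return (time.perf_counter() - start) / repeats


class CachedPseudonymizer:
    """Memoises per address: a client that appears in 1000 requests costs
    one slow hash. The cache is a plaintext IP -> pseudonym map, so it
    must be protected exactly like the salt; it reverses the hash directly."""

    def __init__(self, func):
        self.func = func
        self.cache = {}
        self.misses = 0

    def __call__(self, ip: str) -> str:
        if ip not in self.cache:
            self.misses += 1
            self.cache[ip] = self.func(ip)
        return self.cache[ip]


def attacker_full_space_days(seconds_per_guess: float, cores: int = 1) -> float:
    """Days to try all 2**32 addresses. The slow hash multiplies the
    attacker's cost by the same factor it multiplies the server's."""
    return 2 ** 32 * seconds_per_guess / cores / 86400


# Constructed sample log: the same client appears three times.
LOG_LINES = [
    "203.0.113.9 GET /",
    "203.0.113.9 GET /login",
    "198.51.100.7 POST /api",
    "203.0.113.9 GET /logout",
]


def pseudonymize_log(lines, pseudonymizer):
    """Replace the leading address of each line with a truncated pseudonym."""
    out = []
    for line in lines:
        ip, rest = line.split(" ", 1)
        out.append(f"{pseudonymizer(ip)[:16]} {rest}")
    return out


if __name__ == "__main__":
    t_slow = seconds_per_call(slow_pseudonym, repeats=1)
    t_fast = seconds_per_call(fast_pseudonym, repeats=1000)
    print(f"slow: {t_slow:.4f} s/request -> {1 / t_slow:,.0f} req/s per core")
    print(f"fast: {t_fast:.7f} s/request -> {1 / t_fast:,.0f} req/s per core")
    print(f"attacker, slow hash: {attacker_full_space_days(t_slow, 1000):.1f} days on 1000 cores")
    cached = CachedPseudonymizer(slow_pseudonym)
    for line in pseudonymize_log(LOG_LINES, cached):
        print(line)
    print(f"{len(LOG_LINES)} requests, {cached.misses} slow hashes")
```

The two printed throughput figures are the whole trade-off: whatever factor the slow hash costs the server per request, the attacker pays the same factor per guess over a space of only 2^32, and the cache that recovers the server's throughput is itself a reversal table.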
