0

To fight vote fraud, I need to store IP addresses in my database but I want to make them anonymous. The only information that I need is if two addresses are the same ... I think.

  • To prevent voting manipulation in a public web site, is it enough to compare IP addresses for equality?

  • For transparency/verification purposes, I'd like to allow users to download the voting data. Therefore, I have to hash the IP addresses in a suitable way. Which hash method do you suggest and why?

Aaron Digulla

6 Answers

1

I've done some voting functionality in the past and I've used IP as the unique constraint. The drawback is that people may share a public IP.

You could combine cookie and IP. It all depends on the importance of the voting and whether people are cheating or not.

I would use a simple MD5 hash.

Mikael Östberg
  • 2
    I am not a cryptographic expert, but: IPv4 addresses are only 32 bits long, so if you hash only the IP address, it won't be difficult for an attacker just to compare it to every possible MD5-hashed IP address and figure out the original address. As I understand it, you commonly use a randomized "salt" for this purpose, but such a salt would prevent you from being able to compare the encrypted IP addresses to prevent duplication. (Again, I am not a cryptographic expert.) – npdoty Mar 02 '11 at 20:19
  • 1
    Again, it all depends on what the voting is about. If it's some random voting like "What is your favourite colour", then MD5 on IPv4 will be fine. But if the voting will actually affect something that someone finds really important, then another strategy will be needed. – Mikael Östberg Mar 03 '11 at 08:21
1

Comparing public IPs won't be enough. You will allow only one vote from a few countries and from corporations that have a single external IP.

The best way to do it is to use multiple methods to detect fake votes.

  • If users are logged in, the vote is tied to the login.
  • If not, set a browser cookie.
  • Do not allow votes from the same IP + same cookie at a very fast rate.
  • Put up a captcha if votes are coming at a very fast rate from the same IP.

For anonymizing the IP, just make a keyed hash of the IP.

Zimbabao
  • Cookies to prevent multiple votes are trivial to circumvent. And I'd rather prevent a few legit votes instead of allowing many fake ones. – CodesInChaos Mar 02 '11 at 20:39
0

To prevent voting manipulation in a public web site, is it enough to compare IP addresses for equality?

That will prevent lots of people who are behind NAT gateways from voting, once someone behind the gateway has voted. Do you really want to do that?

user
0

I would hash the IP address, and for each poll, keep a list of hashes of people who have voted, and a list of answers. Don't couple the answer with the hash. That way, it doesn't even matter how good your hashing is exactly.

In addition to storing the IP, you could also consider putting a cookie on the client, for people with laptops for instance, who connect to different networks and are thereby able to vote from different IPs.

Also realize that by allowing an ip to vote once, you're allowing people behind a NAT or proxy to vote once. That could mean that an entire company can only vote once. You need to consider whether that's acceptable to you.

markijbema
0

I think the best way to prevent vote fraud is with an authentication method. But you need something for a public website without authentication. Yeah?

Then your thinking is right: IP verification. Save the IP address in a table with the hash.

// Verify in the table if this visitor's IP exists

 ...
$ip = $_SERVER['REMOTE_ADDR']; // the client address is in REMOTE_ADDR

if ($ip == $row['ip']) {

   // Compare against the stored hash column (no quotes around $row[...])
   if (sha1($ip) === $row['shaip']) {
       echo "You have already give a vote.";
   }
}
else {

   // Start the process here
   $ip = $_SERVER['REMOTE_ADDR'];
   $shaip = sha1($ip); // hash of the visitor's own IP

   // Insert the IP and hash into your table here
   // (mysql_* functions were removed in PHP 7; use mysqli or PDO there)
   mysql_query("INSERT ...");

   // Fetch the data for comparison here
   mysql_query("SELECT ...");
}
devasia2112
0

Hashing with a public salt obviously doesn't keep the IPs private (there are only 4 billion of them, easy to brute-force reverse).

So you need to keep the salt private, at which point it basically becomes a key. So instead of hashing you could use a symmetric encryption like AES with a secret key too. And there would be no significant difference. Except that it's slightly easier for yourself (who has the key) to reverse the encryption than to reverse the hash.

One other thing you could do is use a hash significantly shorter than 32 bits. That way you prevent reversing of an IP simply because there are many IPs matching a single hash. But of course each vote then blocks a number of other IPs too. Whether that's acceptable depends on your use-case.

CodesInChaos
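Added example (not code from any of the answers above): the keyed hash that two of the answers suggest, shown next to an unkeyed MD5 token, with a check of whether a published token can be reproduced by hashing candidate addresses. The function names, the per-poll `poll_id` binding, the choice of HMAC-SHA256 and the sample addresses are assumptions of this example.

```python
import hashlib
import hmac
import ipaddress
import secrets
from typing import Callable, Optional

# Constructed sample votes using documentation-range addresses (RFC 5737).
SAMPLE_VOTES = ["192.0.2.17", "192.0.2.200", "192.0.2.17"]

def md5_token(ip: str) -> str:
    """Unkeyed hash: anyone holding the published data can recompute it."""
    return hashlib.md5(ipaddress.ip_address(ip).packed).hexdigest()

def keyed_token(ip: str, key: bytes, poll_id: str) -> str:
    """HMAC-SHA256 over a length-prefixed poll id plus the packed address.
    Equal addresses give equal tokens only within the same poll."""
    pid = poll_id.encode()
    msg = len(pid).to_bytes(2, "big") + pid + ipaddress.ip_address(ip).packed
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def matches_candidate(token: str, network: str,
                      hash_fn: Callable[[str], str]) -> Optional[str]:
    """Pre-release check: does hashing each address in `network` reproduce the token?"""
    for addr in ipaddress.ip_network(network):
        if hmac.compare_digest(hash_fn(str(addr)), token):
            return str(addr)
    return None

def duplicate_tokens(tokens: list) -> set:
    """Tokens that occur more than once, i.e. repeat votes from one address."""
    seen, dupes = set(), set()
    for t in tokens:
        (dupes if t in seen else seen).add(t)
    return dupes

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # kept server-side, never published with the data
    published = [keyed_token(ip, key, "poll-1") for ip in SAMPLE_VOTES]
    print("repeat voters:", len(duplicate_tokens(published)))
    # The unkeyed token is matched by enumeration; the keyed one is not without the key.
    print(matches_candidate(md5_token("192.0.2.17"), "192.0.2.0/24", md5_token))
    guess = lambda ip: keyed_token(ip, secrets.token_bytes(32), "poll-1")
    print(matches_candidate(published[0], "192.0.2.0/24", guess))
```

Whoever holds the key can still run the same enumeration, so the key has to be protected, or destroyed once the poll closes, for the published tokens to stay anonymous.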