How CipherDrop's IP Hashing Works
A deep dive into anonymizing connection metadata without sacrificing abuse prevention.
When a client hits the CipherDrop API, we generate a non-reversible hash of their IP address on the edge.
- The raw IP never touches persistent storage.
- We salt the hash daily, so cross-day correlation is impossible.
- Rate-limit buckets key off the hash, keeping the same protection level.
import crypto from 'crypto';
export function hashIp(ip: string, salt: string) {
return crypto.createHash('sha256').update(ip + salt).digest('hex');
}
This technique lets us measure hammering attempts while proving, cryptographically, that we cannot reconstruct the original addresses.
Stay private, stay sharp. ⚔️