The "cloak_md5" Module (v4)

Description

This module adds the half and full cloaking methods for use with the cloak module. These methods are deprecated but exist for compatibility with v3.

Configuration

To load this module use the following <module> tag:

<module name="cloak_md5">

<cloak>

The <cloak> tag defines a cloaking profile. This tag can be defined as many times as required.

Name	Type	Default Value	Description
class	String	None	If non-empty then a comma-delimited list of of connect classes that can receive this cloak.
domainparts	Number	3	If the half method is used then the maximum number of domain labels that should be visible.
prefix	Text	None	The value to prefix IP address cloaks with.
suffix	Text	.IP	The value to suffix IP address cloaks with.
key	Text	None	A random 30+ character value to use as a secret key when cloaking. The longer this is the more secure it is.
ignorecase	Boolean	No	Whether to to ignore the case of a FQDN when cloaking.

This module also extends the <cloak:method> field with the following values:

Name	Description
half	If the user has a DNS hostname then cloak all but the last few labels with a salted MD5 hash. Otherwise, cloak with a salted MD5 hash of the most unique /16 subnet of a IPv4 address or /48 subnet of a IPv6 address. Does not cloak UNIX socket users.
full	Cloak with three salted MD5 hashes of significant ranges of a user's IP address (IPv4: /16 /24 /32, IPv6: /32 /48 /64). Does not cloak UNIX socket users.

Example Usage

Cloaking using the full method:

<cloak method="full"
       class=""
       key="changeme"
       prefix="MyNet-"
       suffix=".IP">

Cloaking using the half method:

<cloak method="half"
       class=""
       key="changeme"
       prefix="MyNet-"
       suffix=".IP"
       domainparts="3"
       ignorecase="yes">