Module Description
Cryptolog enhances user privacy (and compliance with data protection and consumer privacy regulations such as GDPR, CCPA/CPRA, etc.) by logging ephemeral identifiers in place of client IP addresses in Drupal logs and database tables.

When Cryptolog is enabled, \Drupal::request()->getClientIp() and Drupal 7's ip_address() output a 128-bit keyed hash of the client IP address (in IPv6 notation), using a salt that is stored in the cache and regenerated each day.

Because Cryptolog uses the same unique identifier per IP address for a 24-hour period, it is still possible to do some statistical analysis of the logs such as counting unique visitors per day. In addition, unlike other solutions of setting $_SERVER['REMOTE_ADDR'] to either one static IP address or a completely random IP address, Drupal's flood control mechanisms still function as normal.

Note: As long as the salt can still be retrieved, brute force can be used to generate a rainbow table and reverse engineer client IPv4 addresses. However, once the salt has expired and a new salt regenerated, or the salt was stored only in memory and the web server has been shutdown or restarted, it should not be feasible to determine client IP addresses, aside from using forensic methods on unencrypted swap space, etc.

Requirements: Cryptolog has no special requirements, although APCu PHP extension, Memcache module and/or Redis module are recommended to serve as an in-memory cache. If available, Sodium PHP extension will be used to generate BLAKE2b keyed hashes, otherwise falling back to HMAC-MD5 keyed hashes.



Drupal 7 requirements: One of the following: APCu PHP extension or Memcache module is required as an in-memory key/value store for the salt. The backend store will be chosen automatically based on which backends are present, with a preference for Memcache which can be shared between servers. Please note that after enabling the module, you must also add it to your site's settings.php file! See README.txt for instructions. Likewise to disable the module you must remove it from your site's settings.php file. If available, Sodium PHP extension will be used to generate BLAKE2b keyed hashes, otherwise falling back to HMAC-MD5 keyed hashes.

Similar modules: IP Anonymize logs IP addresses as per normal, and then retroactively scrubs them according to a configurable IP address retention period.

Credits: This module was inspired by the Cryptolog Python log filter script and developed by mfb. You can support development by contributing or sponsoring.

Project Usage
117
Creation Date
Changed Date
Security Covered
Covered By Security Advisory
Version Available
Production
Module Summary
Cryptolog enhances user privacy by logging ephemeral identifiers in place of client IP addresses in Drupal logs and database tables.
Data Name
cryptolog

OPENAI CHATBOT

OPENAI CHATBOT

10:23:18
Generic Chatbot
Hi, I'm a Drupal module expert powered by OpenAI, answering your questions about the Drupal module ecosystem. How can I be helpful today? Please note that we will log your question.