Implement bridge descriptor secret manager in metrics-db
In legacy/trac#2435 (moved) we discussed replacing bridge IP addresses in bridge descriptors with
H(IP address + bridge identity + secret)[:3]This is already implemented for a static secret.
We also discussed changing the secret regularly, say, once a month. This requires us to extend metrics-db to:
- generate a new secret when we receive the first descriptor of a new month,
- store secrets to disk and read them on startup,
- solve the problem that a descriptor can be referenced from statuses of two months, and
- delete secrets when we're sure we don't need them anymore.
Activity
Today I finished the implementation of hashed IP addresses in metrics-db and pushed it to branch hashed_bridge_ips in my public metrics-db repository. I'm optimistically setting the needs_review in case someone wants to look. I'd rather like to know early if I broke the secure random number generator or something.
Here are the next steps:
- Sanitize some old bridge descriptors from 2008 with the new algorithm tonight.
- Run a simple analysis of the sanitized descriptors to find out how often bridges change their IP address. The goal here is to find out if the sanitized descriptors are useful for statistics.
- Update the specification-like description of our the sanitizing process here.
- Post the sanitized descriptors from November 2008 to or-dev for others to look.
- Sanitize the 2.5 years of descriptors that we have once again and make them available on the metrics website.
Trac:
Status: new to needs_review
Actualpoints: N/A to N/A
Pointsdone: N/A to N/A
Actualpointsdone: N/A to N/A-
So many tickets... The list of next steps from my last comment doesn't belong here, but in legacy/trac#2435 (moved). Moving it there.
Closing this ticket, because the bridge descriptor secret manager is implemented in metrics-db.
Trac:
Resolution: N/A to implemented
Status: needs_review to closed moved from legacy/trac#2505 (moved)
added Feature label and removed 1 deleted label