Opened 10 years ago

Closed 10 years ago

#2505 closed enhancement (implemented)

Implement bridge descriptor secret manager in metrics-db

Reported by: karsten Owned by: karsten
Priority: Medium Milestone:
Component: Metrics/CollecTor Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: #2435 Points:
Reviewer: Sponsor:


In #2435 we discussed replacing bridge IP addresses in bridge descriptors with

H(IP address + bridge identity + secret)[:3]

This is already implemented for a static secret.

We also discussed changing the secret regularly, say, once a month. This requires us to extend metrics-db to:

  • generate a new secret when we receive the first descriptor of a new month,
  • store secrets to disk and read them on startup,
  • solve the problem that a descriptor can be referenced from statuses of two months, and
  • delete secrets when we're sure we don't need them anymore.

Child Tickets

Change History (2)

comment:1 Changed 10 years ago by karsten

Status: newneeds_review

Today I finished the implementation of hashed IP addresses in metrics-db and pushed it to branch hashed_bridge_ips in my public metrics-db repository. I'm optimistically setting the needs_review in case someone wants to look. I'd rather like to know early if I broke the secure random number generator or something.

Here are the next steps:

  • Sanitize some old bridge descriptors from 2008 with the new algorithm tonight.
  • Run a simple analysis of the sanitized descriptors to find out how often bridges change their IP address. The goal here is to find out if the sanitized descriptors are useful for statistics.
  • Update the specification-like description of our the sanitizing process here.
  • Post the sanitized descriptors from November 2008 to or-dev for others to look.
  • Sanitize the 2.5 years of descriptors that we have once again and make them available on the metrics website.

comment:2 Changed 10 years ago by karsten

Resolution: implemented
Status: needs_reviewclosed

So many tickets... The list of next steps from my last comment doesn't belong here, but in #2435. Moving it there.

Closing this ticket, because the bridge descriptor secret manager is implemented in metrics-db.

Note: See TracTickets for help on using tickets.