#25184 closed defect (fixed)

consensus health says that signatures are sha1, but the microdesc consensus actually uses sha256

Reported by: teor Owned by: tom
Priority: Medium Milestone:
Component: Metrics/Consensus Health Version:
Severity: Normal Keywords:
Cc: atagar, metrics-team Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by teor)

I guess this was accidentally hard-coded somewhere?

Child Tickets

Change History (6)

comment:1 Changed 18 months ago by tom

Cc: atagar added

Hm, I get the signature method from https://gitweb.torproject.org/stem.git/tree/stem/descriptor/networkstatus.py#n687

Maybe this is a stem bug?

comment:2 Changed 18 months ago by teor

Description: modified (diff)
Summary: consensus health says that signatures are sha1, but they're actually sha256consensus health says that signatures are sha1, but the microdesc consensus actually uses sha256

This does not appear to be a stem bug.

ns consensuses have sha1:

directory-signature 0232AF901C31A04EE9848595AF9BB7620D4C5B2E E66AE3C828CCAA8A765620B2750DD6257C9A52D4

microdesc consensuses have sha256:

directory-signature sha256 0232AF901C31A04EE9848595AF9BB7620D4C5B2E E66AE3C828CCAA8A765620B2750DD6257C9A52D4

I didn't check both consensus flavours - I only checked microdesc consensuses.
And I guess consensus health only checks ns consensuses.

Can we modify it to check both?
That might mean changing the format of the signature table a little.

comment:3 Changed 18 months ago by tom

I suppose I could, but what new data would be helpful to display from the microdesc consensus? I don't think it's terribly valuable to just output 'microdesc - sha256'. I'd be more inclined to just remove the confusing signature algorithm output.

comment:4 Changed 18 months ago by teor

Sure. We can hide the fact that we still use sha1 :-)

comment:5 Changed 17 months ago by irl

Cc: metrics-team added

Adding metrics-team to cc

Note: See TracTickets for help on using tickets.