[openstack-dev] [all][dev][python] constructing a deterministic representation of a python data structure
Joshua Harlow
harlowja at fastmail.com
Thu Nov 3 20:31:09 UTC 2016
I wouldn't recommend this (the basic hash) if you actually want to do
any kind of validation that the contents weren't altered. Is that the
purpose? Or are you trying to ensure bits aren't flipped?
If u want some level of validation that the message wasn't tampered with
u probably at least want https://docs.python.org/2/library/hmac.html and
then you need to start figuring out what to do about key distribution &
management and rotation :-/
Amrith Kumar wrote:
> Gordon,
>
> You can see a very quick-and-dirty prototype of the kind of thing I'm
> looking to do in Trove at
> https://gist.github.com/amrith/6a89ff478f81c2910e84325923eddebe
>
> Uncommenting line 51 would simulate a bad hash.
>
> I'd be happy to propose something similar in oslo.messaging if you think
> that would pass muster there.
>
> -amrith
>
> -----Original Message-----
> From: gordon chung [mailto:gord at live.ca]
> Sent: Thursday, November 3, 2016 3:09 PM
> To: openstack-dev at lists.openstack.org
> Subject: Re: [openstack-dev] [all][dev][python] constructing a deterministic
> representation of a python data structure
>
>
>
> On 03/11/16 02:24 PM, Amrith Kumar wrote:
>
>> So, just before calling call() or cast(), I could compute the hash and
>> stuff it into the dictionary that is being sent over, and I can do the
>> same on the receiving side. But since I cannot guarantee that the
>> representation on the receiving side is necessarily identical to the
>> representation on the sending side, I have issues computing the hash.
>>
>>
>
> based on description, you're trying to sign the messages? there was some
> effort done in oslo.messaging[1]
>
> we do something similar in Ceilometer to sign IPC messages[2]. it does add
> overhead though.
>
> [1] https://review.openstack.org/#/c/205330/
> [2]
> https://github.com/openstack/ceilometer/blob/ffc9ee99c10ede988769907fdb0594a
> 512c890cd/ceilometer/publisher/utils.py#L43-L58
>
> cheers,
> --
> gord
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list