I wouldn't recommend this (the basic hash) if you actually want to do
any kind of validation that the contents weren't altered. Is that the
purpose? Or are you trying to ensure bits aren't flipped?
If u want some level of validation that the message wasn't tampered with
u probably at least want https://docs.python.org/2/library/hmac.html and
then you need to start figuring out what to do about key distribution &
management and rotation :-/
Amrith Kumar wrote:
Gordon,
You can see a very quick-and-dirty prototype of the kind of thing I'm
looking to do in Trove at
https://gist.github.com/amrith/6a89ff478f81c2910e84325923eddebe
Uncommenting line 51 would simulate a bad hash.
I'd be happy to propose something similar in oslo.messaging if you think
that would pass muster there.
-amrith
-----Original Message-----
From: gordon chung [mailto:[email protected]]
Sent: Thursday, November 3, 2016 3:09 PM
To: [email protected]
Subject: Re: [openstack-dev] [all][dev][python] constructing a deterministic
representation of a python data structure
On 03/11/16 02:24 PM, Amrith Kumar wrote:
So, just before calling call() or cast(), I could compute the hash and
stuff it into the dictionary that is being sent over, and I can do the
same on the receiving side. But since I cannot guarantee that the
representation on the receiving side is necessarily identical to the
representation on the sending side, I have issues computing the hash.
based on description, you're trying to sign the messages? there was some
effort done in oslo.messaging[1]
we do something similar in Ceilometer to sign IPC messages[2]. it does add
overhead though.
[1] https://review.openstack.org/#/c/205330/
[2]
https://github.com/openstack/ceilometer/blob/ffc9ee99c10ede988769907fdb0594a
512c890cd/ceilometer/publisher/utils.py#L43-L58
cheers,
--
gord
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
