Hash the generated logs to avoid any tampering with the results.

joedicastro / vps-comparison

A comparison between some VPS providers. It uses Ansible to perform a series of automated benchmark tests over the VPS servers that you specify. It allows the reproducibility of those tests by anyone that wanted to compare these results to their own. All the tests results are available in order to provide independence and transparency.

https://github.com/joedicastro/vps-comparison#automation

MIT License

1.42k stars 81 forks source link

Hash the generated logs to avoid any tampering with the results. #3

Open joedicastro opened 7 years ago

joedicastro commented 7 years ago

Create a hash by every log file generated by a test (in the VPS instance or in the local machine) to avoid any tampering with the results. Download both the hash and the log in the same step.

Use a common but secure hash algorithm to perform the checksums easily by anyone.

lcts commented 6 years ago

I've implemented this in #37 , however someone could still mess with the logfiles, recalculate the hashes, change the hash files, before uploading the results. I don't really see a way around that, though.

Edit: Given that in this scenario the person doing the messing is also the person controlling the server, this is probably a complete non-issue, since that person can also just mess with the performance of the system as directly.