Monitor no-key service key rotation #315

Open
Benjamin-Loison opened this issue Sep 30, 2024 · 7 comments

@Benjamin-Loison

https://discord.com/channels/933841502155706418/933841503103627316/1290273845143404565

Benjamin-Loison added the enhancement, official instance, low priority and quick labels Sep 30, 2024

Benjamin-Loison commented Sep 30, 2024

https://www.php.net/manual/en/function.hash-algos.php

```php
print_r(hash_algos());
```

Output:

```
Array
(
    [0] => md2
    [1] => md4
    [2] => md5
    [3] => sha1
    [4] => sha224
    [5] => sha256
    [6] => sha384
    [7] => sha512/224
    [8] => sha512/256
    [9] => sha512
    [10] => sha3-224
    [11] => sha3-256
    [12] => sha3-384
    [13] => sha3-512
    [14] => ripemd128
    [15] => ripemd160
    [16] => ripemd256
    [17] => ripemd320
    [18] => whirlpool
    [19] => tiger128,3
    [20] => tiger160,3
    [21] => tiger192,3
    [22] => tiger128,4
    [23] => tiger160,4
    [24] => tiger192,4
    [25] => snefru
    [26] => snefru256
    [27] => gost
    [28] => gost-crypto
    [29] => adler32
    [30] => crc32
    [31] => crc32b
    [32] => crc32c
    [33] => fnv132
    [34] => fnv1a32
    [35] => fnv164
    [36] => fnv1a64
    [37] => joaat
    [38] => murmur3a
    [39] => murmur3c
    [40] => murmur3f
    [41] => xxh32
    [42] => xxh64
    [43] => xxh3
    [44] => xxh128
    [45] => haval128,3
    [46] => haval160,3
    [47] => haval192,3
    [48] => haval224,3
    [49] => haval256,3
    [50] => haval128,4
    [51] => haval160,4
    [52] => haval192,4
    [53] => haval224,4
    [54] => haval256,4
    [55] => haval128,5
    [56] => haval160,5
    [57] => haval192,5
    [58] => haval224,5
    [59] => haval256,5
)
```

Benjamin-Loison commented Sep 30, 2024

https://www.php.net/manual/en/function.hash.php

```php
echo hash('sha512', '');
```

```
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
```

```sh
echo -n | sha512sum
```

```
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e  -
```

Benjamin-Loison commented Sep 30, 2024

`date(DATE_ATOM)`

We need millisecond precision, as 2 keys may be tested in a second.

The Stack Overflow answer 11424665 helps.

```php
//use \Datetime;

$now = new DateTime();
// getTimestamp() returns whole seconds since the Unix epoch.
echo $now->getTimestamp();
die();
```

Benjamin-Loison commented Sep 30, 2024

If the key is removed, then its hash does not allow me to get the initial YouTube Data API v3 key.

Benjamin-Loison commented Sep 30, 2024

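```php
// Append a line prefixed with the current time in milliseconds.
function logg($filePath, $toWrite) {
    $toWrite = floor(microtime(true) * 1000) . ' ' . $toWrite;
    file_put_contents($filePath, $toWrite . "\n", FILE_APPEND);
}
// Public log: only the SHA-512 of a fixed prefix (redacted here) followed by the key.
logg('no_key_logs.txt', hash('sha512', 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' . $key));
// Secret log, one directory above: the key itself.
logg('../no_key_logs_secret.txt', "New key $key");
```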

http://yt.lemnoslife.com/no_key_logs.txt

/var/www/no_key_logs_secret.txt

However, making people able to distinguish a key from another can be interesting.

@Benjamin-Loison

Note that an interesting metric is how many days it takes to loop on an already used key.

Having some anonymized logs to let people see people's usage and involved quota usage. However, we have to ensure that requests do not leak any private information by specifying the shape of correct requests. If we consider URLs, it is not too complicated to list all YouTube Data API v3 and YouTube operational API web-scraping endpoints; however, for parameters it starts being annoying except if automated.

@Benjamin-Loison

It seems that the mutex is not actually exclusive.

```sh
cut -d ' ' -f 2 no_key_logs.txt | uniq | wc -l
```

helps.
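
An added example, not part of the issue or the project's code: it reads a log in the `<milliseconds> <hash>` line format that `logg()` writes and reports the metric mentioned above, how many days pass before an already used key comes back. It also separates runs of consecutive identical hashes (what `uniq` alone counts, since it only merges adjacent lines) from distinct keys. The function names and the sample log are constructed for illustration, with short tokens standing in for the 128-hex-digit SHA-512 values.

```shell
#!/usr/bin/env bash
# Assumed log line format (from logg() above): "<epoch milliseconds> <hash>"

# Constructed sample log; hashA/hashB/hashC are placeholders for real hashes.
sample_log() {
cat <<'EOF'
1727654400000 hashA
1727654400250 hashA
1727654401000 hashB
1727740800000 hashC
1727913600250 hashA
1727913601000 hashB
EOF
}

# Runs of consecutive identical hashes: uniq merges adjacent duplicates only,
# so a key that returns later starts a new run and is counted again.
count_runs() { cut -d ' ' -f 2 | uniq | wc -l | tr -d ' '; }

# Distinct keys: sort first so every duplicate becomes adjacent.
count_distinct() { cut -d ' ' -f 2 | sort -u | wc -l | tr -d ' '; }

# For each key that reappears after a different key was in use, print
# "<hash> <whole days since that key was last logged>".
reuse_intervals() {
  awk '
    $2 != prev && ($2 in last) {
      printf "%s %d\n", $2, ($1 - last[$2]) / 86400000
    }
    { last[$2] = $1; prev = $2 }
  '
}

# Demonstration on the constructed sample.
echo "runs:     $(sample_log | count_runs)"
echo "distinct: $(sample_log | count_distinct)"
sample_log | reuse_intervals
```

To run it against a real log, replace `sample_log |` with a redirect from the file, for example `reuse_intervals < no_key_logs.txt`.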
