[Cryptography] Auditable logs?
smueller at chronox.de
Sun Oct 26 23:44:13 EDT 2014
Am Sonntag, 26. Oktober 2014, 20:28:13 schrieb Sandy Harris:
> Various computer-mediated activities may end up in court for a range
> of reasons and in many cases log files will be used as evidence.
> However for most log file formats, deleting a few lines or adding a
> few bogus ones is trivial. Even forging an entire file or large chunk
> thereof is not impossible.
> Lawyers for one side or the other seem quite likely to attack the
> credibility of log files and/or of the sys admin who provides them. In
> at least some cases, proof "beyond reasonable doubt" is required and
> that is going to be very difficult if the lawyers trying to create
> some doubt are good.
> What sort of crypto mechanisms might help here? I can see various
> applications of digital signatures and timestamps that might help, but
> noting close to a full solution.
What about using git as a log backend? Logically it is a chronological tracker
based on a good cryptographic hash.
More information about the cryptography