[Cryptography] Auditable logs?

Stephan Mueller smueller at chronox.de
Sun Oct 26 23:44:13 EDT 2014


Am Sonntag, 26. Oktober 2014, 20:28:13 schrieb Sandy Harris:

Hi Sandy,

> Various computer-mediated activities may end up in court for a range
> of reasons and in many cases log files  will be used as evidence.
> However for most log file formats, deleting a few lines or adding a
> few bogus ones is trivial. Even forging an entire file or large chunk
> thereof is not impossible.
> 
> Lawyers for one side or the other seem quite likely to attack the
> credibility of log files and/or of the sys admin who provides them. In
> at least some cases, proof "beyond reasonable doubt" is required and
> that is going to be very difficult if the lawyers trying to create
> some doubt are good.
> 
> What sort of crypto mechanisms might help here? I can see various
> applications of digital signatures and timestamps that might help, but
> noting close to a full solution.

What about using git as a log backend? Logically it is a chronological tracker 
based on a good cryptographic hash.

-- 
Ciao
Stephan


More information about the cryptography mailing list