[Cryptography] Auditable logs?
Stephan Mueller
smueller at chronox.de
Sun Oct 26 23:44:13 EDT 2014
Am Sonntag, 26. Oktober 2014, 20:28:13 schrieb Sandy Harris:
Hi Sandy,
> Various computer-mediated activities may end up in court for a range
> of reasons and in many cases log files will be used as evidence.
> However for most log file formats, deleting a few lines or adding a
> few bogus ones is trivial. Even forging an entire file or large chunk
> thereof is not impossible.
>
> Lawyers for one side or the other seem quite likely to attack the
> credibility of log files and/or of the sys admin who provides them. In
> at least some cases, proof "beyond reasonable doubt" is required and
> that is going to be very difficult if the lawyers trying to create
> some doubt are good.
>
> What sort of crypto mechanisms might help here? I can see various
> applications of digital signatures and timestamps that might help, but
> noting close to a full solution.
What about using git as a log backend? Logically it is a chronological tracker
based on a good cryptographic hash.
--
Ciao
Stephan
More information about the cryptography
mailing list