[Cryptography] Auditable logs?

Daniel Borkmann dborkman at redhat.com
Mon Oct 27 06:42:50 EDT 2014


On 10/27/2014 04:44 AM, Stephan Mueller wrote:
> Am Sonntag, 26. Oktober 2014, 20:28:13 schrieb Sandy Harris:
...
>> Various computer-mediated activities may end up in court for a range
>> of reasons and in many cases log files  will be used as evidence.
>> However for most log file formats, deleting a few lines or adding a
>> few bogus ones is trivial. Even forging an entire file or large chunk
>> thereof is not impossible.
>>
>> Lawyers for one side or the other seem quite likely to attack the
>> credibility of log files and/or of the sys admin who provides them. In
>> at least some cases, proof "beyond reasonable doubt" is required and
>> that is going to be very difficult if the lawyers trying to create
>> some doubt are good.
>>
>> What sort of crypto mechanisms might help here? I can see various
>> applications of digital signatures and timestamps that might help, but
>> noting close to a full solution.
>
> What about using git as a log backend? Logically it is a chronological tracker
> based on a good cryptographic hash.

Have you looked into journald's FSS [1]?

   [1] http://lwn.net/Articles/512895/


More information about the cryptography mailing list