[Cryptography] Write-protect switches, etc.

Henry Baker hbaker1 at pipeline.com
Wed Dec 30 11:59:33 EST 2015

One significant problem with malware is that it can *delete log files*, so that finding out what it was up to can be difficult.

Soooo, you need a *write-once*, *append-only* device to act as a logger.

It's sad, in this day and age, that the best logger may be an old-style continuous paper printer.

It's hard to imagine malware that's capable of reaching out & shredding that "log file".

This is why traditional (paper-based) *accounting systems* are append-only.  You can never erase an entry; you can only add a correcting entry, so that it can later be audited.  Financial systems & auditors have had to deal with bad people trying to "hack the books" for centuries.

The Bitcoin blockchain is an analogous system that would require overwhelming force (i.e., some plurality of the computing power) to change an entry.

Unfortunately, it's not that simple w.r.t. malware & logs.

The malware can force the log files to be encrypted with a key of their choosing -- sort of like ransomware -- so the resulting log files may exist, but will be gibberish.

Perhaps Mr. Comey has a solution for this problem?

More information about the cryptography mailing list