On Thu, 2002-12-12 at 09:04, Richard Welty wrote:

> > However, I wonder if MD5 will actually help in court as long as it is not
> > protected inside a crypt sig - somebody out there with an opinion on
> > this?

MD5 is sufficient to demonstrate the integrity of the message. How would you actually go about proving the authenticity of the hash? What constitutes authenticity of a hash produced from a log file?

The purpose of the hash is to show the log file hasn't been altered since the hash was produced. It doesn't matter who calculated the hash, as long as you can make the court believe it was done *before* anyone got a chance to tamper with your log. The only party that could vouch for that is the log source itself.

It would make sense for the log source (the syslog* client) to sign each and every log record before sending it out, the signature being an MD5 or SHA-1 or similar hash of the record, encrypted with the source's private key. The price of this is some substantial PKI infrastructure overhead.

Alternatively, if you've got a trusted data channel between log client and log server, the server could do the signing of records.

Either way, you'd get a log file that carries a signature for every line. The signature can be transformed into the original hash by simple decryption.

> depends on the circumstances. in normal deployment in IPSec or SSL, you
> would use HMAC-MD5 or HMAC-SHA1, which are signed, and thus provide

Actually, they're not signed but keyed. They are only meaningful to parties who share a secret key.

> authentication of the source as well as modification detection.

It only allows those functions to be performed by someone who also possesses the secret key used in HMAC-*. That means in court you'd have to disclose your secret key. Usually, keyed hashes are transient, use session keys of limited lifetime and get thrown away after verification. (A notable exception to this is DNS TSIG.)

Cheers

Steffen.
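The distinction drawn above, between a per-record signature that any third party can check with the public key alone and a keyed HMAC tag that can only be checked by someone holding the shared secret, can be shown in a few dozen lines. The following is an added example and is not code from the original post or the LogAnalysis list. It uses Ed25519 from the Go standard library in place of the RSA-encrypted MD5/SHA-1 hash the post describes, and the "line<TAB>hex-signature" file layout, the sample syslog lines and the key material are all constructed for the example.

```go
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// SignedRecord pairs one raw log line with the signature the log source
// attached to it before emitting it.
type SignedRecord struct {
	Line string
	Sig  string // hex-encoded Ed25519 signature over Line
}

// SignRecords signs each record individually, as the syslog client would.
// Only the holder of the private key can produce these signatures.
func SignRecords(priv ed25519.PrivateKey, lines []string) []SignedRecord {
	out := make([]SignedRecord, 0, len(lines))
	for _, l := range lines {
		sig := ed25519.Sign(priv, []byte(l))
		out = append(out, SignedRecord{Line: l, Sig: hex.EncodeToString(sig)})
	}
	return out
}

// Serialize writes the records as "line<TAB>hexsig" rows; this on-disk
// layout is an assumption of the example, not a standard format.
func Serialize(recs []SignedRecord) string {
	var b strings.Builder
	for _, r := range recs {
		b.WriteString(r.Line + "\t" + r.Sig + "\n")
	}
	return b.String()
}

// VerifyLog checks every row using only the public key and returns the
// zero-based index of the first row that fails, or -1 if all rows verify.
// A court-appointed examiner can run this without learning any secret.
func VerifyLog(pub ed25519.PublicKey, serialized string) int {
	sc := bufio.NewScanner(strings.NewReader(serialized))
	for i := 0; sc.Scan(); i++ {
		row := sc.Text()
		tab := strings.LastIndexByte(row, '\t')
		if tab < 0 {
			return i // malformed row: no signature column
		}
		sig, err := hex.DecodeString(row[tab+1:])
		if err != nil || !ed25519.Verify(pub, []byte(row[:tab]), sig) {
			return i
		}
	}
	return -1
}

// HMACTag is the keyed alternative: the tag can be computed, and therefore
// also checked, only by whoever holds the shared secret key.
func HMACTag(key []byte, line string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(line))
	return hex.EncodeToString(m.Sum(nil))
}

// HMACVerify recomputes the tag with the given key; a verifier without the
// original key gets a mismatch and cannot conclude anything about the line.
func HMACVerify(key []byte, line, tag string) bool {
	want, err := hex.DecodeString(tag)
	if err != nil {
		return false
	}
	m := hmac.New(sha256.New, key)
	m.Write([]byte(line))
	return hmac.Equal(m.Sum(nil), want)
}

func main() {
	// Constructed sample syslog lines (not taken from the original post).
	lines := []string{
		"Dec 12 09:04:01 host sshd[1234]: Accepted publickey for alice from 192.0.2.10",
		"Dec 12 09:04:07 host sudo: alice : TTY=pts/0 ; COMMAND=/bin/ls",
	}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	signed := Serialize(SignRecords(priv, lines))
	fmt.Println("all rows verify:", VerifyLog(pub, signed) == -1)

	// Alter the second record after the fact: it no longer verifies.
	tampered := strings.Replace(signed, "alice : TTY", "mallory : TTY", 1)
	fmt.Println("first bad row:", VerifyLog(pub, tampered))

	// Keyed tag: verifiable with the shared key, meaningless without it.
	key := []byte("shared-session-secret")
	tag := HMACTag(key, lines[0])
	fmt.Println("hmac verifies with key:", HMACVerify(key, lines[0], tag))
	fmt.Println("hmac with wrong key:", HMACVerify([]byte("other"), lines[0], tag))
}
```

The verification path never touches the private key, which is the property the post is after: the signer keeps its secret, and anyone holding the public key can establish that a given row has not changed since it was signed. With the HMAC path, the same check forces the verifier to be given the key, at which point that verifier could also have forged the tag.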
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 17:14:58 PST