Blaise St-Laurent wrote: > You are correct, by themselves, they prove 0. I should have said > signed (through cryptographic means) without being able to prove that > the md5 is authentic, and hasn't also been replaced, my suggestion is > pretty much useless. > > You can protect the database column from writing programatically > through permissions in the DB, such that no one can modify the > checksum once it is in place, but if the DB is compromised, so to are > the contents of that column. So what you're really saying is that the checksums and signing are only proving the data hasn't been altered since the checksum/signing was done... isn't there a recursion problem there? Seems to me that escrow is really the *only* answer to all this. If you write off your logs, and ship them off to another company for storage (or post the filenames and checksums for Google to index forever...), then the checksum of them is *merely* so that you can confidently say they haven't been altered since being written, and the escrow proves it. I don't see what signing gives you - other than proving no one *other than you* has rewritten the checksum (but you keeping a copy of those checksums would have done the same job). After all - doesn't this all come back to the courts trust in *you* - not the data? Jason _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Mon Apr 07 2003 - 12:43:11 PDT