Christopher James Coleman
ug97cjc at cs.bham.ac.uk
Wed Feb 18 04:01:15 PST 2004

On Wed, 18 Feb 2004, Ian Molton wrote:
> Is there any reason not to use public key crypto on logs? That way only
> root can decrypt them and the key needn't be stored locally. Then you
> could log pretty much whatever you pleased.

The only reason I can think of is due to a Denial of Service potential.
Encrypting every single log entry has a significant overhead. Admittedly,
on most modern systems this may not be as important. I suppose you have a
greater potential for disk-space-based DoSs as well, as the padding used
to improve strength against cryptanalysis also can take up significant
extra space. I am not saying it is not a good idea, or even that these
potential DoSs do not exist without the encryption, but there is an
increased risk. As with everything in security, you balance this increased
risk against the potential benefits (as you say, ``then you could log
pretty much whatever you pleased'').

As a side note, encrypted logs tend to be inherently weaker than normal
encrypted data. This is because they consist of a standard output format.
This makes cryptanalysis much easier. For example, if a user can trigger a
logging event by some action it is not that difficult to work out what
they have done -- repeat the event ad nauseam, and you have a lot of
predictable plain-text underneath that encryption.

In general though, it is probably a good idea. In a book I was reading, it
also suggests using incremental nonces in order to aid in verifying log
integrity. I think I remember them also saying that no current `syslog'
style utility does this.
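
The incremental-nonce idea mentioned above, as an added example that is not part of the original message or taken from the book it refers to: each entry carries an incrementing counter and an HMAC chained to the previous entry's tag, so deleted, reordered or edited entries are detectable. The key, the class and function names and the sample log lines are assumptions made for illustration.

```python
import hmac
import hashlib

TAG_LEN = 32  # SHA-256 output size in bytes


def entry_tag(key: bytes, counter: int, prev_tag: bytes, message: bytes) -> bytes:
    # Bind the counter, the previous entry's tag and the message together.
    data = counter.to_bytes(8, "big") + prev_tag + message
    return hmac.new(key, data, hashlib.sha256).digest()


class LogWriter:
    """Appends entries carrying an incrementing counter and a chained HMAC."""

    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0
        self._prev = b"\x00" * TAG_LEN

    def append(self, message: bytes) -> tuple:
        self._counter += 1
        tag = entry_tag(self._key, self._counter, self._prev, message)
        self._prev = tag
        return (self._counter, message, tag)


def verify(key: bytes, entries) -> str:
    """Return 'ok' or a description of the first problem found."""
    expected = 1
    prev = b"\x00" * TAG_LEN
    for counter, message, tag in entries:
        if counter != expected:
            return f"gap or reorder: expected counter {expected}, got {counter}"
        if not hmac.compare_digest(tag, entry_tag(key, counter, prev, message)):
            return f"bad tag at counter {counter}"
        prev = tag
        expected += 1
    return "ok"


# Constructed key and sample log lines (assumptions, not real data).
KEY = b"constructed-demo-key-not-for-use"
writer = LogWriter(KEY)
LOG = [writer.append(m) for m in (
    b"sshd: accepted login for alice",
    b"su: alice became root",
    b"sshd: session closed for alice",
)]
```

Removing entries from the end of the log is not caught by this check alone; the verifier also needs the latest counter value recorded somewhere the log host cannot rewrite.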