dagmar.wants at nospam.com
Wed Feb 18 10:19:38 PST 2004
On Wed, 2004-02-18 at 06:01, Christopher James Coleman wrote:
> As a side note, encrypted logs tend to be inherently weaker than normal
> encrypted data. This is because they consist of a standard output format.
> This makes cryptanalysis much easier. For example, if a user can trigger a
> logging event by some action it is not that difficult to work out what
> they have done -- repeat the event ad nauseam, and you have a lot of
> predictable plain-text underneath that encryption.
This is _very_ true. Chosen/known plaintext attacks, especially with a
sizeable volume of data, severely weaken the strength of the cipher.
> In general though, it is probably a good idea. In a book I was reading, it
> also suggests using incremental nonces in order to aid in verifying log
> integrity. I think I remember them also saying that no current `syslog'
> style utility does this.
Syslog-ng does, or so I thought.
The email address above is phony because my penis is already large enough, kthx.
AIM: evilDagmar Jabber: evilDagmar at jabber.org
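
An added example, not part of the original message and not taken from any syslog implementation: one way the incremental nonces mentioned above can help verify log integrity, assuming each record carries a counter and an HMAC-SHA256 tag chained to the previous record's tag. The key, record layout and function names are assumptions made for the illustration.

```python
import hmac
import hashlib

KEY = b"constructed-demo-key"  # assumption: secret shared by logger and verifier


def _tag(key, counter, prev_tag, message):
    # The MAC covers the counter, the previous tag and the message, so a
    # record cannot be edited, dropped or moved without breaking a tag.
    data = counter.to_bytes(8, "big") + prev_tag + message.encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).digest()


def seal(messages, key=KEY):
    """Return records (counter, message, tag) with counters 0, 1, 2, ..."""
    records, prev = [], b"\x00" * 32
    for counter, message in enumerate(messages):
        prev = _tag(key, counter, prev, message)
        records.append((counter, message, prev))
    return records


def verify(records, key=KEY):
    """Return None if the log is intact, else a description of the first fault."""
    prev = b"\x00" * 32
    for expected, (counter, message, tag) in enumerate(records):
        if counter != expected:
            return f"gap or reorder: expected counter {expected}, got {counter}"
        if not hmac.compare_digest(tag, _tag(key, counter, prev, message)):
            return f"bad tag at counter {counter}"
        prev = tag
    return None


# Constructed sample log lines.
SAMPLE = [
    "sshd[411]: Accepted publickey for alice",
    "sudo: alice : COMMAND=/bin/ls",
    "sshd[411]: session closed for alice",
]

if __name__ == "__main__":
    log = seal(SAMPLE)
    print(verify(log))                # intact log
    print(verify(log[:1] + log[2:]))  # middle record deleted
```

Removing records from the end of the log is not caught by this check unless the verifier learns the last counter value some other way.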