Login functionality

ken_i_m at elegantinnovations.net ken_i_m at elegantinnovations.net
Thu Feb 19 01:31:12 PST 2004


On Thu, Feb 19, 2004 at 09:37:02AM +0100, Erik Postma (epostma at nl.tue.win) wrote:
> Hi all, been lurking for a _long_ while but couldn't resist jumping in
> here.

I have heard that zen meditation is good for building self control.  :-)

> *snip*
> No. In a public key cryptosystems you give the opponent _by definition_ an
> encrypting oracle, enabling chosen plaintext attacks. If this would give
> him or her any information on the private key, the encryption scheme could
> not be used for _any_ useful work.

You state the obvious but make no point.  Public key encryption is a very 
poor choice for logs (or bulk encryption in general).  Several of my 
servers generate in excess of 150MB of logs per day.  If encrypted, for 
example, via an encrypted filesystem they would contain a huge amount of 
_known_ text that is highly repetitive.

>  Think about it for yourself: would you
> publish your openPGP key if that would lessen the security of your private
> key? What's keeping an opponent from encrypting any plaintext they want,
> even without you knowing?

This is a fallacious argument.
> 
> For those less versed in crypto jargon: a chosen plaintext attack is
> the situation where the attacker could encrypt _any_
> plaintext of their choosing and then tries to find information about the
> private key used, or alternatively, tries to decrypt a given piece of
> encrypted date. In a private key cryptosystem, this is exactly the
> situation which we are in, so an encoding scheme that is not resistant to
> this is completely useless.

Dispense with the pedagogical stance.  If someone does not understand 
they can ask.  Checking the archives you will find pointers to a number 
of tutorials, books, and links to background information on encryption.

Again public key encryption is a very poor choice for bulk data.  In 
the case of logs a great deal of the content and structure is known.  
It is very regular.  This makes any practical encryption of log data 
weak.
-- 
I think, therefore, ken_i_m
Chief Gadgeteer, Elegant Innovations
Founder, Bozeman Linux Users Group
(406) 581-0495



More information about the hlfs-dev mailing list