LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

making the logs temper evident through git like hash chains

making the logs temper evident through git like hash chains

Posted Nov 20, 2011 3:12 UTC (Sun) by cmccabe (guest, #60281)
In reply to: making the logs temper evident through git like hash chains by nevyn
Parent article: The Journal - a proposed syslog replacement

SHA1 has been weakened, but many other hash functions have not. Given that security is the whole point, I'm sure that Lennart will use a newer hash.

(Log in to post comments)

making the logs temper evident through git like hash chains

Posted Nov 20, 2011 19:19 UTC (Sun) by nevyn (subscriber, #33129) [Link]

I think you missed the point ... git and journald can happily use SHA-1 because it adds no security at all. git gets a bunch of other useful features out of using hashes, AFAICS it's just a waste for journald.

making the logs temper evident through git like hash chains

Posted Nov 21, 2011 23:52 UTC (Mon) by cmccabe (guest, #60281) [Link]

> I think you missed the point ... git and journald can happily use SHA-1
> because it adds no security at all

Er, I think perhaps it is you who is missing the point. TFA says:

> Each entry authenticates all previous ones. If the top-most hash is
> regularly saved to a secure write-only location, the full chain is
> authenticated by it. Manipulations by the attacker can hence easily be
> detected.

The point is to get security, not to "happily use SHA-1."

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds