LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

making the logs temper evident through git like hash chains

making the logs temper evident through git like hash chains

Posted Nov 21, 2011 23:52 UTC (Mon) by cmccabe (guest, #60281)
In reply to: making the logs temper evident through git like hash chains by nevyn
Parent article: The Journal - a proposed syslog replacement

> I think you missed the point ... git and journald can happily use SHA-1
> because it adds no security at all

Er, I think perhaps it is you who is missing the point. TFA says:

> Each entry authenticates all previous ones. If the top-most hash is
> regularly saved to a secure write-only location, the full chain is
> authenticated by it. Manipulations by the attacker can hence easily be
> detected.

The point is to get security, not to "happily use SHA-1."

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds