making the logs tamper evident through git like hash chains
Posted Nov 27, 2011 2:18 UTC (Sun) by rgmoore
In reply to: making the logs tamper evident through git like hash chains
Parent article: The Journal - a proposed syslog replacement
But the big security benefit in that case is from the existence of the WORM memory, since any data written to it is inherently tamper-proof. You could stick to an un-hashed text log and still have confidence that it hadn't been rewritten by an intruder. The benefit of the hash chain is that you can provide tamper-evident recording by keeping only a fraction of the hashes, which is most important if the WORM storage is expensive or difficult to deal with. Of course keeping only a fraction of the hashes leaves open a potential window if the attacker can break in and alter the records between writes to WORM.
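The scheme described in the comment above, as an added example that is not part of the original post: a SHA-256 hash chain over log lines where only every Nth hash is kept on simulated WORM storage, with a verifier that reports how many entries the checkpoints actually cover. The function names, the genesis value and the sample log lines are assumptions made for illustration.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed fixed starting value for the chain


def chain_hashes(entries, start=GENESIS):
    """Running hash after each entry: h_i = SHA-256(h_{i-1} || entry_i)."""
    hashes, prev = [], start
    for entry in entries:
        prev = hashlib.sha256(prev + entry.encode()).digest()
        hashes.append(prev)
    return hashes


def checkpoint(entries, every):
    """Simulate WORM writes: keep only every `every`-th chain hash, by index."""
    hashes = chain_hashes(entries)
    return {i: h for i, h in enumerate(hashes) if (i + 1) % every == 0}


def verify(entries, worm):
    """Recompute the chain and compare it with the WORM checkpoints.

    Returns (ok, covered). ok is False when a checkpoint mismatches or the
    log is shorter than a checkpointed index. covered is the number of
    leading entries protected by a checkpoint; later entries are unverified.
    """
    hashes = chain_hashes(entries)
    for i, expected in worm.items():
        if i >= len(hashes) or hashes[i] != expected:
            return False, 0
    return True, (max(worm) + 1 if worm else 0)


def tamper(entries, index, text):
    """Return a copy of the log with one entry replaced (test helper)."""
    out = list(entries)
    out[index] = text
    return out


# Constructed sample log lines, not taken from any real system.
LOG = [f"Nov 27 02:18:{s:02d} host sshd[411]: event {s}" for s in range(10)]
WORM = checkpoint(LOG, every=4)  # stores hashes for entries 3 and 7 only

if __name__ == "__main__":
    print(verify(LOG, WORM))                        # intact log
    print(verify(tamper(LOG, 1, "forged"), WORM))   # change before a checkpoint
    print(verify(tamper(LOG, 9, "forged"), WORM))   # change after the last one
```

A change to any entry at or before the last checkpoint breaks every later checkpoint, while entries written after the last WORM write pass verification regardless of content, which is the window the comment points out.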