Fee, fi, fo, fum,
I smell a troll in this forum.

Your grasp of security is clearly flawed.

Not everybody is working in the IT sector like you (or even wishes to do so).

I think what everybody is saying is that when your system is penetrated you can't rely on anything. Who's to say that the attacker didn't insert a process to modify the logs before they are encrypted/signed, or crack the encrytion/signing process.

I can see that encrypted or signed logs can be a useful addition to the security toolbox, but are no panacea and, to me at least, not a compelling reason to adopt systemd.

1 members found this post helpful.

I especially liked Mercury305's earlier comment about 'that Allen(sic) Cox guy'. Doesn't he know than Alan Cox is *The* kernel maintainer?

1 members found this post helpful.

as someone else already said, encrypted logs just make the work of the sysadmin (that has to read them) harder, so they're evil.

1 members found this post helpful.

Shadow file passwords are hashed, not encrypted. They cannot be 'cracked', only discovered by brute force hashing attempts (which are becoming increasingly easy, but I digress).

I think either I am misunderstanding the systemd FSS/journal or everyone else seems to be. I don't think there is any encryption, just signing (with a clever algorithm, though if a smart hacker manages to time it right he should be able to get the sealing key within 15 minutes, allowing him to generate the rest...). I don't have a problem with the signing of logs and I think the mechanism is well thought out. The problem is that the journal stores things in a weird format, containing some binary data (ie the binary data is mixed in with plaintext data, making reading the journal with non-systemd utilities difficult). A good solution would have been to enable FSS for existing logging daemons -- you would still have plaintext parsable logs but you would have the pseudosecurity of cryptographic signatures.

2 members found this post helpful.

Why is propagating snake oil a "good solution"?

For everyone posting here at a more than average rate could you please consider the following constructive remarks?

For your contributions to be of value:
- please do not quote whole posts if you only address one sentence,
- please consider not responding to each and every post, but most of all
- please let your current level of knowledge guide you when to and when not to post.


I'm confident you dig what I'm saying,
TIA.

2 members found this post helpful.

the solution we choose is a remote log server (over ssl) with no shell access: I personally think it's safer than any signature trick.

4 members found this post helpful.

This is the best option by far, if you can send the logs to a remote server with limited to no shell access, it's not that its safer though, encryption should never be used as a form of security. The reason for this being is if you can copy an encrypted file it gives the attacker more time with it, this can't be stopped, once the attacker has the file he has all the time in the world to get the data.

Well he has enough time to get the data he considers relevant, data in most cases after time becomes useless because of bit rot and other situations where the data might be good for a certain window of time.

The best way to deal with logs I find is use remote logging server with a firewall that only allows Server IP's on the port required to send messages to the log daemon. Theses servers should not be allowed to ssh, telnet or use any other form of client that allows remote access to and from each other.
This way not only do they have to break in to a server of yours but they have to break into another server to hide there tracks that has no connectivity accept the logging service to the logging box.

What encryption has always been designed for is to help protect against a man in the middle attacks, think SSL for a brief second or so the data you send to your banks is very important but after that second the data that was being encrypted is now useless, now you can capture this data all you want because you can never crack it in time for an attack, (unless of course you can generate 1.21 "Jiga-watts" and happen to know how a flux capacitor works) and can build one.

Anyways encryption was never a tool for security, proof of this is whole disk encryption, if I can freeze the ram chips I can extract he key making any encryption effort you just made useless, I know how to obtain the key. Encryption is more of a Microsoft's approach to things.. (Security through Obscurity) the problem is in this case we can exploit the hardware to force the key out of hiding.

1 members found this post helpful.

I find everyone that are ranting HERE about systemd here is pretty funny.Instead of whining here where no systemd developer will ever see you, why don't you go on the relevant mailing list or IRC channel?
I tried myself and when you ask any questions, someone (even lennart itself answered me once) will really answer you very nicely. I saw too a lot of features that were implemented in systems after someone asked about in on the ml, on the IEC channel or even at a conference.

Smart admins in critical DC's do exactly this.

Regards.

encrypted and hashed? These are pretty much word games. Hash is an encryption method. You don't think I don't understand all you are saying.
I have already proved to my self certain things and got my knowledge... everybody else can use their own text files no point in arguing... let me move on.
I am sure not everyone in here is brain dead... those that got the message stay silent and understand. Others will complain but I won't respond unless there is something for me to gain. I don't need to prove myself to everyone. Those that know know...

It isn't a perfect solution but its utility is nonzero...you still can't be sure that your logs haven't been tampered with if the verification goes well but there is a higher probability that they haven't vs. unsigned logs.
This is the best solution but if you have no other server (ie you are using a standalone computer) then your options become limited. I think the sealing algorithm at least lets these users have some element of log verification, even if it isn't perfect. This does not mean I desire this for myself, but I can at least see the rationale behind it.
I don't know how many times I can say this -- security is a process, not a product. You build up security by implementing various layers. If your computer is OFF, then freezing the RAM chip isn't going to do much good. Even if it is ON, not everyone has the capability to freeze the RAM and get the data off it -- this is not a pedestrian task. Additionally, there is no way to know whether the running system is encrypted or not, so a simple data thief may attempt to turn off the computer and mount the drive separately -- at which time they realize their mistake. Of course you can't believe that any system, encrypted or otherwise, is 100% secure, but pretending that this offers NO additional security just because it is theoretically possible to crack it makes the mind boggle. You should be using good system administration techniques along with whatever other security measures are justified -- even if that includes encrypting the hard drive.
Two-way, crackable and brute-forceable, vs. one-way, brute-forceable only, constitutes a significant difference. You lose data when hashing and cannot go backwards. If you insist this is wordplay then I don't know what else to say.

For fear of evoking unSpawn's wrath I think I'll go silent for the time being.

1 members found this post helpful.

Before worrying about the wrath of unSpawn worry about the wrath of the dictionary:
How is hash not a form of encryption?

Web definitions

encoding: the activity of converting data or information into code
http://wordnetweb.princeton.edu/perl/webwn?s=encryption

(encrypt) code: convert ordinary language into code; "We should encode the message for security reasons"
http://wordnetweb.princeton.edu/perl/webwn?s=encrypt

In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. ...
http://en.wikipedia.org/wiki/Encryption

Encryption is an album by the band Pro-jekt. It was released in 2002 by Nightbreed Records.
http://en.wikipedia.org/wiki/Encryption_(album)

(Encrypt (movie)) Encrypt is a television movie that premiered June 14, 2003 on the Sci-Fi Channel. Set in the year 2068, the Earth's surface is in a cataclysmic upheaval, much of it transformed into wasteland by unstoppable storms (the byproduct of the destruction of the ozone layer). ...
http://en.wikipedia.org/wiki/Encrypt_(movie)

The process of obscuring information to make it unreadable without special knowledge, key files, and/or passwords
http://en.wiktionary.org/wiki/encryption

(encrypt) To conceal information by means of a code or cipher
http://en.wiktionary.org/wiki/encrypt

(encrypt) To encode (scramble) information in such a way that it is unreadable to people who don't have a key to the code.
http://powerpoint.org.ua/0735623015/gloss01.html

(ENCRYPT) to encipher or ENCODE; reciprocal DECRYPT, decipher, or DECODE is required. See ALPHABET SOUP, CODE TALKER, CIPHER, KAK, SHACKLE, SCRAMBLE, NULLITY, BURST, TAP CODE, DUNGEON, CRYPER, INTEL, ASA, MI, CIC, ICAP, IR, COMICS, RTO, RADIO. ...
http://combat.ws/S4/MILTERMS/MT-E.HTM

(Encrypt) Generic term encompassing encipher and encode.
http://jproc.ca/crypto/terms.html

(Encrypt) Takes , a message and and outputs the encryption .
http://www.websters-online-dictionar...ition/ID-BASED CRYPTOGRAPHY

(Encrypt) The act of encoding a file for the purpose of preventing others from gaining access to its contents. In most cases only users with the correct password are able to use the encryption program to make the file readable again.
http://www2.unwired.com.au/what-is-u...computer-terms

(Encrypt) To “scramble” the data within a file so that only those who have the digital key or password can view it.
http://www.officedepot.ca/computer-jargon.asp

(Encrypt) Using an algorithm to transform data to conceal its meaning or value
http://www.aimglobal.org/technologie...msglossary.asp

(Encrypted) An agreement that the meaning of bids or card signals may change as more information about a deal becomes available. ...
http://wapedia.mobi/en/Glossary_of_c...idge_terms?t=6.

(Encrypted) Digital Video and/or Audio have been encoded and require special keys or processes to make it visible.
http://wiki.robotz.com/index.php/Tal...ons_Dictionary

(Encrypted) Scrambled, as in programmes or channels that you need a viewing card to be able to watch.
http://www.bbc.co.uk/reception/info/jargon.shtml

(Encrypted) The details you provide are encrypted using an independent third party system we believe to be virtually unbreakable. However law enforcement agencies may be able to decode these messages.
https://secure.wsa.u-net.com/www.fra...finitions.html

(Encrypting) a database prevents users from reading your program with other programs like Microsoft Word, Excel or other utility program.
http://www.cheapsides.com/database glossary.htm

(Encrypting) protects confidentiality of files
http://home.comcast.net/~mcsepmp/securitycram.htm

(encrypting) "Scrambling" data and applying a password for security reasons.
http://msaccess.org.ua/0735623031/gloss01.html

To convert data from its original form to a form that can only be read by someone that can reverse the encryption. The purpose of encryption is to prevent unauthorized reading of the data.
http://www.megaadvertising.co.nz/Gra..._glossary.html

Prevents any non-authorized party from reading or changing data. The level of protection provided by encryption is determined by an encryption algorithm. In a brute-force attack, the strength is measured by the number of possible keys and the key size. ...
http://www.100best-web-hosting.com/glossary/terme.html

The process of scrambling information in a way that disguises its meaning. For example, encrypted connections between computers make it very difficult for third-parties to unscramble, or decrypt, information flowing over the connection. ...