SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I think what everybody is saying is that when your system is penetrated you can't rely on anything. Who's to say that the attacker didn't insert a process to modify the logs before they are encrypted/signed, or crack the encrytion/signing process.
I can see that encrypted or signed logs can be a useful addition to the security toolbox, but are no panacea and, to me at least, not a compelling reason to adopt systemd.
Last edited by Eternal_Newbie; 08-28-2012 at 12:14 PM.
Reason: signed or encrypted
what is the point of the Shadow file passwords being encrypted then? I'm about to break LQ rules by cursing you out here...
Hackers can crack it anyway right?
True...
so why encrypt it? Why encrypt anything if hackers can crack it so easily.
Shadow file passwords are hashed, not encrypted. They cannot be 'cracked', only discovered by brute force hashing attempts (which are becoming increasingly easy, but I digress).
I think either I am misunderstanding the systemd FSS/journal or everyone else seems to be. I don't think there is any encryption, just signing (with a clever algorithm, though if a smart hacker manages to time it right he should be able to get the sealing key within 15 minutes, allowing him to generate the rest...). I don't have a problem with the signing of logs and I think the mechanism is well thought out. The problem is that the journal stores things in a weird format, containing some binary data (ie the binary data is mixed in with plaintext data, making reading the journal with non-systemd utilities difficult). A good solution would have been to enable FSS for existing logging daemons -- you would still have plaintext parsable logs but you would have the pseudosecurity of cryptographic signatures.
A good solution would have been to enable FSS for existing logging daemons -- you would still have plaintext parsable logs but you would have the pseudosecurity of cryptographic signatures.
For everyone posting here at a more than average rate could you please consider the following constructive remarks?
For your contributions to be of value:
- please do not quote whole posts if you only address one sentence,
- please consider not responding to each and every post, but most of all
- please let your current level of knowledge guide you when to and when not to post.
the solution we choose is a remote log server (over ssl) with no shell access: I personally think it's safer than any signature trick.
This is the best option by far, if you can send the logs to a remote server with limited to no shell access, it's not that its safer though, encryption should never be used as a form of security. The reason for this being is if you can copy an encrypted file it gives the attacker more time with it, this can't be stopped, once the attacker has the file he has all the time in the world to get the data.
Well he has enough time to get the data he considers relevant, data in most cases after time becomes useless because of bit rot and other situations where the data might be good for a certain window of time.
The best way to deal with logs I find is use remote logging server with a firewall that only allows Server IP's on the port required to send messages to the log daemon. Theses servers should not be allowed to ssh, telnet or use any other form of client that allows remote access to and from each other.
This way not only do they have to break in to a server of yours but they have to break into another server to hide there tracks that has no connectivity accept the logging service to the logging box.
What encryption has always been designed for is to help protect against a man in the middle attacks, think SSL for a brief second or so the data you send to your banks is very important but after that second the data that was being encrypted is now useless, now you can capture this data all you want because you can never crack it in time for an attack, (unless of course you can generate 1.21 "Jiga-watts" and happen to know how a flux capacitor works) and can build one.
Anyways encryption was never a tool for security, proof of this is whole disk encryption, if I can freeze the ram chips I can extract he key making any encryption effort you just made useless, I know how to obtain the key. Encryption is more of a Microsoft's approach to things.. (Security through Obscurity) the problem is in this case we can exploit the hardware to force the key out of hiding.
I find everyone that are ranting HERE about systemd here is pretty funny.Instead of whining here where no systemd developer will ever see you, why don't you go on the relevant mailing list or IRC channel?
I tried myself and when you ask any questions, someone (even lennart itself answered me once) will really answer you very nicely. I saw too a lot of features that were implemented in systems after someone asked about in on the ml, on the IEC channel or even at a conference.
Shadow file passwords are hashed, not encrypted. They cannot be 'cracked', only discovered by brute force hashing attempts (which are becoming increasingly easy, but I digress).
I think either I am misunderstanding the systemd FSS/journal or everyone else seems to be. I don't think there is any encryption, just signing (with a clever algorithm, though if a smart hacker manages to time it right he should be able to get the sealing key within 15 minutes, allowing him to generate the rest...). I don't have a problem with the signing of logs and I think the mechanism is well thought out. The problem is that the journal stores things in a weird format, containing some binary data (ie the binary data is mixed in with plaintext data, making reading the journal with non-systemd utilities difficult). A good solution would have been to enable FSS for existing logging daemons -- you would still have plaintext parsable logs but you would have the pseudosecurity of cryptographic signatures.
encrypted and hashed? These are pretty much word games. Hash is an encryption method. You don't think I don't understand all you are saying.
I have already proved to my self certain things and got my knowledge... everybody else can use their own text files no point in arguing... let me move on.
I am sure not everyone in here is brain dead... those that got the message stay silent and understand. Others will complain but I won't respond unless there is something for me to gain. I don't need to prove myself to everyone. Those that know know...
It isn't a perfect solution but its utility is nonzero...you still can't be sure that your logs haven't been tampered with if the verification goes well but there is a higher probability that they haven't vs. unsigned logs.
Quote:
Originally Posted by ponce
the solution we choose is a remote log server (over ssl) with no shell access: I personally think it's safer than any signature trick.
This is the best solution but if you have no other server (ie you are using a standalone computer) then your options become limited. I think the sealing algorithm at least lets these users have some element of log verification, even if it isn't perfect. This does not mean I desire this for myself, but I can at least see the rationale behind it.
Quote:
Originally Posted by ProtoformX
Anyways encryption was never a tool for security, proof of this is whole disk encryption, if I can freeze the ram chips I can extract he key making any encryption effort you just made useless, I know how to obtain the key. Encryption is more of a Microsoft's approach to things.. (Security through Obscurity) the problem is in this case we can exploit the hardware to force the key out of hiding.
I don't know how many times I can say this -- security is a process, not a product. You build up security by implementing various layers. If your computer is OFF, then freezing the RAM chip isn't going to do much good. Even if it is ON, not everyone has the capability to freeze the RAM and get the data off it -- this is not a pedestrian task. Additionally, there is no way to know whether the running system is encrypted or not, so a simple data thief may attempt to turn off the computer and mount the drive separately -- at which time they realize their mistake. Of course you can't believe that any system, encrypted or otherwise, is 100% secure, but pretending that this offers NO additional security just because it is theoretically possible to crack it makes the mind boggle. You should be using good system administration techniques along with whatever other security measures are justified -- even if that includes encrypting the hard drive.
Quote:
Originally Posted by Mercury305
encrypted and hashed? These are pretty much word games. Hash is an encryption method.
Two-way, crackable and brute-forceable, vs. one-way, brute-forceable only, constitutes a significant difference. You lose data when hashing and cannot go backwards. If you insist this is wordplay then I don't know what else to say.
For fear of evoking unSpawn's wrath I think I'll go silent for the time being.
Two-way, crackable and brute-forceable, vs. one-way, brute-forceable only, constitutes a significant difference. You lose data when hashing and cannot go backwards. If you insist this is wordplay then I don't know what else to say.
For fear of evoking unSpawn's wrath I think I'll go silent for the time being.
Before worrying about the wrath of unSpawn worry about the wrath of the dictionary:
How is hash not a form of encryption?
In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. ... http://en.wikipedia.org/wiki/Encryption
(Encrypt (movie)) Encrypt is a television movie that premiered June 14, 2003 on the Sci-Fi Channel. Set in the year 2068, the Earth's surface is in a cataclysmic upheaval, much of it transformed into wasteland by unstoppable storms (the byproduct of the destruction of the ozone layer). ... http://en.wikipedia.org/wiki/Encrypt_(movie)
(Encrypt) The act of encoding a file for the purpose of preventing others from gaining access to its contents. In most cases only users with the correct password are able to use the encryption program to make the file readable again. http://www2.unwired.com.au/what-is-u...computer-terms
(Encrypted) The details you provide are encrypted using an independent third party system we believe to be virtually unbreakable. However law enforcement agencies may be able to decode these messages. https://secure.wsa.u-net.com/www.fra...finitions.html
(Encrypting) a database prevents users from reading your program with other programs like Microsoft Word, Excel or other utility program. http://www.cheapsides.com/database glossary.htm
To convert data from its original form to a form that can only be read by someone that can reverse the encryption. The purpose of encryption is to prevent unauthorized reading of the data. http://www.megaadvertising.co.nz/Gra..._glossary.html
Prevents any non-authorized party from reading or changing data. The level of protection provided by encryption is determined by an encryption algorithm. In a brute-force attack, the strength is measured by the number of possible keys and the key size. ... http://www.100best-web-hosting.com/glossary/terme.html
The process of scrambling information in a way that disguises its meaning. For example, encrypted connections between computers make it very difficult for third-parties to unscramble, or decrypt, information flowing over the connection. ...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.