On 7/15/06, John Kelsey <[EMAIL PROTECTED]> wrote:
Another solution is to use cryptographic audit logs. Bruce Schneier and I did some work on this several years ago, using a MAC to authenticate the current record as it's written, and a one-way function to derive the next key. (This idea was apparently developed by at least two other people independently.) Jason Holt has extended this idea to use digital signatures, which makes them far more practical. One caveat is that cryptographic audit logs only work if the logging machine is honest when the logs are written.
Yeah, I love that idea, saw it at the 7th Usenix Security Symposium. For everyone else, there's an implementation here: http://isrl.cs.byu.edu/logcrypt/index.html I have been looking for something like this for a while. Note to Jason Holt: The subscribe links for the mailing lists are broken. I like the idea of encrypting the entries, but I thought that having to classify them into a finite number of classes, and restricting disclosure to be along class lines is restrictive, but I don't know offhand how to allow the logger to disclose arbitrary subsets efficiently. -- Resolve is what distinguishes a person who has failed from a failure. Unix "guru" for sale or rent - http://www.lightconsulting.com/~travis/ -><- GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
