Yogi,

I had done something similar with my own logging framework, but used an RSA
key pair and javax.security.Signature to essentially get a 'true' digital
signature, as opposed to a MAC. But I agree that in many situations (my own
included) a MAC is better for non-repudiation purposes that don't require
an untrusted third party to verify the log stream; using a symmetric key
with a MAC is probably much faster than an asymmetric key with a signature.

I suggest that you consider using the MAC from the previous entry written
to the log when calculating the current MAC. This will enable you to detect
if someone has removed a log record. Perhaps simply writing a sequence
number with each log record will achieve the same result, but if you
cryptographically tie all of the log records together, then I guess it
makes it harder for an attacker who DOES know the secret key (a rogue
sysadmin perhaps?) to tamper with a single record without having to update
the MACs on all of the subsequent records.

Of course, someone could simply attack the logs by just deleting records,
or deleting entire log files, but I guess we have to rely upon
operating-system level security for that!

Regards,
James W.
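
The chaining suggested in the message above, as an added example (not code from the original post or from any logging framework): each entry's HMAC covers the previous entry's MAC plus the record, so removing a record breaks verification at the next entry. The class and method names, the `record|hexmac` line format and the demo key are assumptions, and `HexFormat` needs Java 17 or later.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.HexFormat;
import java.util.List;

public class ChainedLogMac {
    // MAC over (previous entry's MAC || this record), so each entry commits to its predecessor.
    static byte[] mac(byte[] key, byte[] prevMac, String record) throws GeneralSecurityException {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(key, "HmacSHA256"));
        hmac.update(prevMac); // always 32 bytes, so the boundary with the record is unambiguous
        return hmac.doFinal(record.getBytes(StandardCharsets.UTF_8));
    }
    // Produce "record|hex(mac)" lines (assumed format); the first entry chains from 32 zero bytes.
    static List<String> seal(byte[] key, List<String> records) throws GeneralSecurityException {
        List<String> out = new ArrayList<>();
        byte[] prev = new byte[32];
        for (String r : records) {
            prev = mac(key, prev, r);
            out.add(r + "|" + HexFormat.of().formatHex(prev));
        }
        return out;
    }
    // Returns the index of the first entry whose MAC does not verify, or -1 if the chain is intact.
    static int verify(byte[] key, List<String> lines) throws GeneralSecurityException {
        byte[] prev = new byte[32];
        for (int i = 0; i < lines.size(); i++) {
            String line = lines.get(i);
            int sep = line.lastIndexOf('|');
            if (sep < 0) return i; // malformed entry: no MAC field
            byte[] expected = mac(key, prev, line.substring(0, sep));
            byte[] want = HexFormat.of().formatHex(expected).getBytes(StandardCharsets.US_ASCII);
            byte[] stored = line.substring(sep + 1).getBytes(StandardCharsets.US_ASCII);
            if (!MessageDigest.isEqual(want, stored)) return i; // constant-time comparison
            prev = expected;
        }
        return -1;
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed sample key
        List<String> log = seal(key, List.of("login alice", "sudo alice", "logout alice"));
        System.out.println("intact log: " + verify(key, log));
        List<String> cut = new ArrayList<>(log);
        cut.remove(1); // drop the middle record; the entry after the gap no longer verifies
        System.out.println("record removed: " + verify(key, cut));
    }
}
```

Dropping entries from the end of the file leaves a valid shorter chain, so tail truncation still has to be caught by other means, such as the operating-system controls the message mentions.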

