lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20030806095731.B84477-100000@dekadens.ghettot.org>
From: lcamtuf at coredump.cx (Michal Zalewski)
Subject: [inbox] Re: Reacting to a server compromise

On Tue, 5 Aug 2003, Curt Purdy wrote:

> The key here is to have the paper handled by only one person and witnessed
> by another and the access to that paper by only that person.

[...]

On Tue, 5 Aug 2003 Valdis.Kletnieks@...edu wrote:

> It's kind of hard to replace sheet 1,487 from a box of fanfold paper. :)

That's different. You're suddenly introducing certain additional
circumstances that render the approach more reliable.

However, I was arguing only with the original statement that claimed that
logs on read-write media are not admissable in the court, whereas
read-only media is. Period.

Once again, IANAL, maybe that is the case, although it is contrary to what
I've heard. I don't believe that would be reasonable. I don't think
there's an essential difference between storing logs on, say, cd-r as
opposed to cd-rw or magnetic tapes (or even a trusted monitoring system,
in some cases), as long as the material is handled the same way and there
is no integrity protection - be it the relative difficulty of replacing a
single sheet in a bulk amount of fanfold paper, yes, or some cryptographic
signatures on every recorded CD that are backed by a trusted hardware and
OS.

*If* there is a difference in how the media is handled, or if there is a
physical or cryptographical method of ensuring the integrity and
authenticity of every piece, it would be different, I'm not arguing with
that.

-- 
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2003-08-06 09:57 --

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ