On Thu, Sep 27, 2012 at 4:36 AM, Andreas Jaeger <aj@suse.com> wrote:
Do you know of any links to how it's done?
Read the design document and Lennart's blog posts, google for "journal Lennart" should give you the links.
Thanks, that's very very little information, but:

"Inspired by git, in the journal all entries are cryptographically hashed along with the hash of the previous entry in the file."

That's quite easy to forge. Just recompute all hashes. A modern computer can do that in a few seconds for a hundred-MB file. A lot easier if the entry I want to forge is the last one. If it was a MAC, maybe it would be a tad harder (but I wouldn't expect it to be too hard). Still possible though.

"If the top-most hash is regularly saved to a secure write-once location, the full chain is authenticated by it. Manipulations by the attacker can hence easily be detected."

I would certainly like details on this part. Unluckily, the design doc says nothing of this. I do not know a single write-once location on a computer, other than with specialized hardware. In essence, I distrust that "write-once" assertion.

I know this should go to the systemd list, but my point is, the journal is a half-baked solution. Most of the "benefits" are just marketing, and the real benefits (trusted properties and standardized format IMHO) aren't exclusive to the journal anyway. The cryptography part really should be ignored until peer-reviewed, because cryptography is a very tricky business.
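The two design-document statements quoted in the message above, as an added example that is not part of the original email and is not systemd's code: it compares what a self-consistency check, a keyed (HMAC) check, and a check against a separately kept top-most hash each report for the same edited file. The link formula, the all-zero start value, the key and the log lines are assumptions made for illustration, not the journal's on-disk format.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # assumed "previous hash" for the first entry

def link(prev, entry, key=None):
    """One chain link: SHA-256(prev || entry), or HMAC-SHA-256 when a key is given."""
    if key is None:
        return hashlib.sha256(prev + entry).digest()
    return hmac.new(key, prev + entry, hashlib.sha256).digest()

def chain(entries, key=None):
    """Return every link value; the last one is the top-most hash."""
    out, prev = [], GENESIS
    for entry in entries:
        prev = link(prev, entry, key)
        out.append(prev)
    return out

def verify_internal(entries, stored, key=None):
    """Check only that the stored links match the stored entries."""
    return chain(entries, key) == stored

def verify_anchored(entries, stored, saved_head, key=None):
    """Additionally require the top-most hash to equal a copy kept outside the file."""
    return (verify_internal(entries, stored, key) and bool(stored)
            and hmac.compare_digest(stored[-1], saved_head))

def demo():
    # Constructed sample entries, not real journal records.
    log = [b"sshd: accepted key for alice",
           b"sudo: alice ran /bin/ls",
           b"sshd: session closed"]
    stored = chain(log)
    saved_head = stored[-1]          # assumed to live where the file's writer cannot reach
    key = b"constructed-demo-key"    # assumed to be unavailable to whoever edits the file
    keyed = chain(log, key)

    edited = list(log)
    edited[1] = b"sudo: alice ran /bin/true"
    rehashed = chain(edited)         # every link recomputed without the key

    return {
        "original, internal check": verify_internal(log, stored),
        "original, anchored check": verify_anchored(log, stored, saved_head),
        "edited, stale links": verify_internal(edited, stored),
        "edited, rehashed, internal check": verify_internal(edited, rehashed),
        "edited, rehashed, keyed check": verify_internal(edited, rehashed, key),
        "edited, rehashed, anchored check": verify_anchored(edited, rehashed, saved_head),
        "original, keyed check": verify_internal(log, keyed, key),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'pass' if ok else 'FAIL'}")
```

The anchored and keyed results hold only as long as the saved head or the key is stored somewhere the party editing the file cannot write or read, which is the detail the message asks about.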