[Python-Dev] tamper-evident logs

Jeff Epler jepler at unpythonic.net
Tue Oct 22 23:13:12 EDT 2002


On Tue, Oct 22, 2002 at 10:55:54PM -0400, Bryan L. Fordham wrote:
> here's a question for y'all:

This is not a question for python-dev.  Redirected to python-list.

> I've written a simple http proxy that logs the domains visited.  The idea
> is that it keeps a list of the unique domains for each day.  No problem.
> The problem is that I want it to be obvious if someone has deleted
> something from the logs.
> 
> This is a little bit o' software meant to run on the user's box.  It does
> not have to be impossible to tamper with it, nor do I need to be able to
> say what was removed; just "hey, someone futzed with the log!"

The simplest idea that comes to mind would be to store a hash of the
log combined with a "secret".  (Of course, since it'll necessarily be
stored on the same computer, it's not really a "secret", but it can be
obfuscated as much as you like.)

If "l" stands for logfile, "s" stands for secret, and "h" stands for the
hash function, then you want to calculate and store
    h(l+s)
Later, you can use the same l, s, and stored hash to show that the log has
been tampered with. (However, if your adversary can compute h(l'+s) then he
can forge a hash that will make you believe the log has been altered when
it actually hasn't.)

If you assume that the hash function "h" is a good one, and that your
adversary will not be able to determine "s" by inspecting your program, I
think you're in good shape.  Of course, a determined adversary *would* be
able to determine "s", no matter how well you attempt to hide it in your
program.

Jeff
PS The md5 and sha modules provide two good hashes.  These are both good
enough that it's more likely the attacker will decide to determine "s" than
break the hash itself.
PPS Also, you might find a way to make this scheme include the date,
so that the user can't browse one set of sites one day, a second set the
second day, but record the first day's log again and have you "believe"
it's valid.
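
The scheme described in this message, as an added Python 3 example that is not part of the original post: it swaps the plain h(l+s) construction for HMAC-SHA256 from the standard library and mixes the date into the tag, as the PPS suggests. The secret, dates and domain names are constructed sample values, and `seal` and `verify` are hypothetical helper names.

```python
import hashlib
import hmac

# Constructed sample secret. In the scenario above it ships inside the program
# on the user's machine, so it is only obfuscated, never truly secret.
SECRET = b"constructed-demo-secret"


def seal(date: str, domains: list[str], secret: bytes = SECRET) -> str:
    """Return a hex tag binding the day's date to its unique domain list."""
    mac = hmac.new(secret, digestmod=hashlib.sha256)
    # Sort and de-duplicate so the tag does not depend on visit order.
    # Length-prefix every field so ("ab", "c") and ("a", "bc") give different tags.
    for field in [date, *sorted(set(domains))]:
        data = field.encode("utf-8")
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.hexdigest()


def verify(date: str, domains: list[str], stored_tag: str,
           secret: bytes = SECRET) -> bool:
    """True only if the log for `date` still matches the tag stored for it."""
    return hmac.compare_digest(seal(date, domains, secret), stored_tag)


if __name__ == "__main__":
    day1 = ["example.com", "example.org", "example.net"]  # constructed log
    tag1 = seal("2002-10-22", day1)
    print("intact:           ", verify("2002-10-22", day1, tag1))
    print("entry deleted:    ", verify("2002-10-22", day1[:2], tag1))
    print("replayed next day:", verify("2002-10-23", day1, tag1))
```

Anyone who recovers the secret from the program can recompute a matching tag for an edited log, so this detects casual edits only.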



