On Thu, Oct 21, 1999 at 08:58:25AM +1000, Darren Reed wrote:
>
> I have one problem with this: it requires changes/additions to the original
> message. This poses some obvious problems when you start adding MACs of
> the original message, etc., to what's being sent around.
>
> SMTP supports that sort of thing with additional information added in the
> "Received" lines, but then we all know how secure/reliable SMTP is by itself.

I think that we can insert the hash into the message itself without
security risks. For example, an entry like the following is only dirtier:
"in.ftpd[9077]: connect from 127.0.0.1 <2290babda371e52eeca2a2065a358783>"
Collisions can be avoided (in the case the logged line has a <32digits> string)
simply by requiring that at least one of these strings matches the HASH(msg+secret).
Maybe, without changes/additions, inserting the hash in the message
itself is the only solution; it is also backward compatible.
antirez
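
The in-message tag and the "at least one <32digits> string must match" rule from the message above, as an added example that is not part of the original thread. HMAC-MD5 is swapped in here for the bare HASH(msg+secret) (it keeps the 32-hex-digit tag); the function names, the secret and the sample lines are constructed for illustration.

```python
import hashlib
import hmac
import re

# A candidate tag: optional leading space, then <32 lowercase hex digits>.
TAG_RE = re.compile(r" ?<([0-9a-f]{32})>")

SECRET = b"constructed-demo-secret"                  # assumption: shared out of band
MSG = "in.ftpd[9077]: connect from 127.0.0.1"        # sample line from the message above


def _mac(msg: str, secret: bytes) -> str:
    # HMAC-MD5 in place of HASH(msg+secret); still 32 hex digits.
    return hmac.new(secret, msg.encode("utf-8"), hashlib.md5).hexdigest()


def tag_line(msg: str, secret: bytes) -> str:
    """Append the tag to the log message itself; the transport is unchanged."""
    return f"{msg} <{_mac(msg, secret)}>"


def verify_line(line: str, secret: bytes):
    """Return the original message if any <32 hex> candidate authenticates
    the rest of the line, otherwise None.

    Every candidate is tried, so a message that already contains a
    <32digits> string of its own does not cause a false rejection.
    """
    for m in TAG_RE.finditer(line):
        rest = line[:m.start()] + line[m.end():]     # line with this candidate removed
        if hmac.compare_digest(m.group(1), _mac(rest, secret)):
            return rest
    return None


if __name__ == "__main__":
    tagged = tag_line(MSG, SECRET)
    print(tagged)
    print("authentic:", verify_line(tagged, SECRET) == MSG)
    forged = tagged.replace("127.0.0.1", "10.0.0.1")  # constructed tampering
    print("tampered accepted:", verify_line(forged, SECRET) is not None)
```

A receiver that does not know the scheme simply stores the tagged line as text, which is the backward compatibility the message refers to.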