On Wed, Jul 19, 2000 at 05:04:36AM -0400, Alex Brown wrote:
> This is not yet in proper RFC form, but it should suffice to restate the
> case for improved practice within an existing syslog environment. All
> comments are welcome.
>
> http://www.msg.com/~abrown/draft-syslog-auth.html
This is the format you suggest:
Nov 5 14:14:54 zorilla PAM_pwdb[509]: (login) session opened \
for user abrown by (uid=0) chain=227c40a6cde84f49bfad43c412490110 \
md5=a6739e57964c9dec7613d663f049c0f7
Nov 5 14:14:55 zorilla PAM_pwdb[509]: (login) session closed \
for user abrown chain=a6739e57964c9dec7613d663f049c0f7 \
md5=cbce1c7ced9cfdc1fb86ba8ef365d8eb
I don't think we need two md5 hash for each log line (chain= and md5=) We
could simply include the chain value implicitly in the value of md5. Here's
the formula to use:
M(i) is the ith message, CK(i) is the check value to be appended to the
message, and K(i) is the chaining value kept private. Given a K(i) you
derive the values of CK(i) and K(i+1) the following way:
(1) CK(i) = H(K(i) || M(i))
(2) K(i+1) = H(K(i) || CK(i))
So CK(i) depends on the contents of the message being sent, and the private
chaining value which depends on all previous messages. K(i) is never sent
through the wire, but is recalculated on each side when verifying messages.
The initial value K(0) is the key, which needs to be stored at both sides,
and which ensures message authenticity.
And also we may also want to seperate the hash values from the logline, for
instance by sending the hash values in the next line.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
