Hi,

3 simple (obvious?) options:

- don't use PRI on signature (which sucks, because if someone lowers the priority, important messages may get lost);
- save PRI on signature extra payload (while there, maybe date too);
- or H(H(msg),PRI); then if the admin did store them, i.e. on /var/log/authlog, messages could be tried with a sort of brute force (this looks bad, but hey, THEY left the PRI out!). Anyway, from syslog.conf you reduce the possibilities. This is the bestial way, but it works with only a minor performance problem, and it is transparent to ppl who do save the PRI.

But these are all hacks, and maybe somebody spending a few more minutes thinking it out finds a more elegant way...

Alejo

Chris Lonvick wrote:
>
> If the signature were made over what is seen on the wire, it
> would not match a signature made over what is stored on disk.
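
Added example, not part of the original message or of any syslog-sign implementation: a sketch of the third option, H(H(msg),PRI), where a verifier holding only the stored message (PRI stripped) tries candidate PRI values until the digest matches. SHA-256, the `<n>` byte encoding of PRI, the function names, the sample message and the simplified syslog.conf selector parsing (only `facility.level` and `*`) are assumptions.

```python
import hashlib
import hmac

# Facility codes as used in the syslog PRI value (PRI = facility * 8 + severity).
FACILITIES = {n: i for i, n in enumerate(
    ["kern", "user", "mail", "daemon", "auth", "syslog",
     "lpr", "news", "uucp", "cron", "authpriv", "ftp"])}
FACILITIES.update({f"local{i}": 16 + i for i in range(8)})
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

def signed_digest(msg: bytes, pri: int) -> bytes:
    """H(H(msg), PRI): hash the body, then bind the PRI to that hash."""
    inner = hashlib.sha256(msg).digest()
    return hashlib.sha256(inner + b"<%d>" % pri).digest()

def candidates(selector: str) -> list:
    """PRI values a selector such as 'auth.info;mail.*' can match.

    Assumption: 'facility.level' means that level or more severe; the
    '=', '!' and 'none' forms of syslog.conf are not handled here.
    """
    pris = set()
    for part in selector.split(";"):
        fac, lvl = part.strip().split(".")
        facs = range(24) if fac == "*" else [FACILITIES[f] for f in fac.split(",")]
        max_sev = 7 if lvl == "*" else SEVERITIES.index(lvl)
        pris.update(f * 8 + s for f in facs for s in range(max_sev + 1))
    return sorted(pris)

def recover_pri(stored_msg: bytes, digest: bytes, selector: str = None):
    """Return the PRI under which the stored message verifies, else None."""
    pool = candidates(selector) if selector else range(192)
    for pri in pool:
        if hmac.compare_digest(signed_digest(stored_msg, pri), digest):
            return pri
    return None  # message altered, or PRI outside the candidate pool

# Constructed sample: what the sender hashed vs. what ended up on disk.
MSG = b"sshd[411]: Failed password for root from 192.0.2.7"
WIRE_DIGEST = signed_digest(MSG, FACILITIES["auth"] * 8 + SEVERITIES.index("info"))

if __name__ == "__main__":
    print(recover_pri(MSG, WIRE_DIGEST, "auth.info"))  # 7 candidates tried at most
    print(recover_pri(MSG + b"!", WIRE_DIGEST))        # tampered body: no PRI fits
```

The worst case is 192 hash computations per message with no selector, which is the "minor performance problem" the message mentions; the selector from syslog.conf cuts that to a handful.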
