I definitely agreee that it's important to make this stuff work on smaller systems. But...
Is MD5 really that much faster than SHA1? (MD5 has known problems and there are RFC's saying not to use it) As for asymetric keys, there are several problems: 1. Key distribution, as you point out. 2. Can't show as easily in court that a particular device generated the logs. 3. Messages subject to known plaintext attacks similar to the attacks on WEP. albert.mietus wrote: >Hay all, > >Aside from my remarks on the draft RFC (see another mail), I want to propose >to allow other hash/sign algorithms as well. > >Currently only SHA1/DSA is allowed to compute a signature. Those algorithm's >are secure. >But, the are also very expensive, in CPU cycles! > >I have implemented a very-very draft version of syslog-sign, and run in on a >386 CPU (40Mhz). It takes ages! >The first testrun showed: 33 minutes to compute the key, and 4.7 seconds to >sign ONE message! >More timing is being generated, as I write this mail. Now the system is >otherwise idle, time is 50% faster, but still over 1 second/signature! > >This means syslog-sign is near-worthless on small (CPU poor) or real-time >systems! >============================================================================ >====== > >When the hardware can't afford expensive security, the options is no >encryption or fast/less-secure encryption. I prefer syslog-sign with >"simple" crypto algorithms over no security at all (by using normal syslog)! > >To make this possible, we should add alternative crypto algorithms in the >syslog-sign rfc. At least one, better several ones. > >Then an implementator/user has a choose: syslog, simple-signing more secure >signing, etc. >Remember, we aren't the one that makes chooses. The implementers is. He can >choose to follow the rfc or not! > >I think we should allow (keyed)MD5, as MD5 is already used a lot in "small >systems", for hashing. > >As alternative for SHA, we can use SHA-512, SHA-265 (smaller key's), and >probably also DES, 3DES en more. >Problem with (3)DES (with I guess is a lot faster) is that they aren't >asymmetric. So we can't publish a public key. >However, syslog-sign already has an option for "key distributed separately"; >which we probably can use. > >Currently I don't have a good overview of alternative's for SHA (with seems >to be the bottleneck). But I will investigate. >Comment's are welcome. > > >Hope, this premature timings will make clear only allowing SHA1/DSA isn't >going to make syslog more secure! > > > > >--ALbert >sent mail to [EMAIL PROTECTED], to address me personal. >sent mail to [EMAIL PROTECTED], to address me for businesses > > -- Chris Calabrese, GCIA Internet Security Analyst MerckMedco.com
