Encrypted log files?

Asked by l33ting disorder

I notice there's an encryption plugin for Pidgin, but it doesn't seem to touch the logs.

Is there a plugin that GPG-encrypts the log files so a password is required to read them?

If not, can I suggest that be added in the next pidgin release? :)

Question information

Language:
English Edit question
Status:
Answered
For:
Pidgin Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Richard Laager (rlaager) said :
#1

Use filesystem-level encryption. This protects everything, not just your pidgin logs.

Revision history for this message
l33ting disorder (omni-networksense) said :
#2

I looked into that.

It seems that with filesystem-level encryption, I'd need to enter my password in order for pidgin to be able to write the logs.

I'd like pidgin to be able to write to the log dir without me having to enter my password, but require a password to read from the log dir.

Thanks :)

Revision history for this message
Richard Laager (rlaager) said :
#3

On Wed, 2008-08-20 at 08:53 +0100, Brian Morrison wrote:
> On Wed, 20 Aug 2008 07:30:33 -0000
> l33ting disorder <email address hidden> wrote:
>
> > It seems that with filesystem-level encryption, I'd need to enter my
> > password in order for pidgin to be able to write the logs.
> >
> > I'd like pidgin to be able to write to the log dir without me having to
> > enter my password, but require a password to read from the log dir.

This could be done, but really, filesystem encryption is the way to go.
In practice, you're going to enter your passphrase once at bootup and
then you'll just lock the screen with your login password while it's
running.

> Well, if you are using filesystem encryption and want everything to
> work without any pass-phrase, how does that count as extra security?

Google for "Public key cryptography".

Richard

Revision history for this message
Fabián Rodríguez (magicfab) said :
#4

If I may add to this, starting with Intrepid you can use private directories which are unlocked at login...

Revision history for this message
Rich Jones (richwjones) said :
#5

I propose that this is a necessary feature and that file-system level encryption is not a satisfactory solution.

The reason beings what we can call "girlfriend-proofing," , although it would certainly apply in other cases as well.

The times I am worried about people looking at my logs aren't when my computer is being forensically analyzed, but rather when I am simply AFK for a moment and certain nosy female people are looking at my computer. I'm already logged in, so running in a non-encrypted environment, and I can't lock the computer every time I walk away from the computer without starting a fight. But still, I don't want to be snooped on.

So, encrypted logging is the only solution.

It seems the implementation is simple enough. Pidginlogger has its own RSA keypair, and the private key is password protected. The logs are freely written using the public key, but only I can control the private key to decrypt them.

And there you have it. Simple enough, and I think this is a really, really mission critical feature to be added.

Thoughts?

Revision history for this message
l33ting disorder (omni-networksense) said :
#6

Hear hear!!

While the argument of girlfriend-proofing would be argued against by moral puritans, the crux of the issue still holds water just from a purely security-oriented perspective.

If someone manages to root a system, they should not implicitly have access to all the user's sensitive data (such as IM logs).

Revision history for this message
Launchpad Janitor (janitor) said :
#7

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Revision history for this message
l33ting disorder (omni-networksense) said :
#8

(bump)

Are we going to have to bump this every 14 days to keep it active?

Revision history for this message
Launchpad Janitor (janitor) said :
#9

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Revision history for this message
l33ting disorder (omni-networksense) said :
#10

(bump)

Launchpad Janitor wrote:
> Your question #42611 on Pidgin changed:
> https://answers.launchpad.net/pidgin/+question/42611
>
> Status: Open => Expired
>
> Launchpad Janitor expired the question:
> This question was expired because it remained in the 'Open' state
> without activity for the last 15 days.
>
>

Revision history for this message
Rich Jones (richwjones) said :
#11

I have applied to solve this problem as a GSoC project. I have the skills, it's up to Google and the lead Devs at this point..

Revision history for this message
Fabián Rodríguez (magicfab) said :
#12

Regarding "girlfriend-prrofing" you should learn about:
- Setting the screensaver to expire OR tying your session expiration/activation to a proximity device like Bluetooth ones (with the blueproximity package)
- Use multiple accounts on your computer, and the face browser. Show your GF and other in your household how to use multiplelogins.

And BTW no encryption will protect your data if you leave a session open with your PC unattended for even 10 minutes. Anyone determined to get to it will do so.

Revision history for this message
Rich Jones (richwjones) said :
#13

The girlfriend explanation was a bit of a joke, I still firmly believe that strong encryption of log files is extremely important.

To say that no encryption will protect data on an unattended PC seems completely wrong to me, as that's the whole point of encryption.. it would take them hundreds of thousands of years to crack it, theoretically. No amount of sheer determination can factor primes that fast!

Bluetooth proximity devices and multiple logins are far more abstract solutions to this problem than tried and true cryptographic solutions. And when we're talking about years and years of stored personal conversations, that's a really important thing to get right.

Revision history for this message
Fabián Rodríguez (magicfab) said :
#14

Suggestions and feature requests are best driven by Launchpad blueprints and Ubuntu Brainstorm ideas.

I'll add this last thing on my part regarding your perceived extreme importance of Pidgin log files encryption:
http://xkcd.com/538/

My point is If you'll ignore and disregard common best practices (like NOT leaving your session unattended and making it timeout), there is no point in any encryption. It is trivial for anyone to install a keylogger for example and then access your data when you're not around. If someone roots your system, well, you have other problems already. Don't underestimate the human factors involved.

Revision history for this message
Rich Jones (richwjones) said :
#15

Is XKCD'ing the new Godwin's law? :)

I don't see why these two things have to be mutually exclusive. Not storing sensitive data in plaintext IS a common best practice which isn't implemented here. It's just another basic layer of security.

Can you help with this problem?

Provide an answer of your own, or ask l33ting disorder for more information if necessary.

To post a message you must log in.