GnuCash is safe. Was re: How safe is GnuCash?
elfrinjo
devops at elfrinjo.de
Sun Jan 15 13:23:54 EST 2017
Hi there, I just registered to comment on this issue; so please excuse it if
this post is in the wrong position of the thread.
I think a git-based solution to this problem works (almost) perfectly.
So let's start with the "almost": Git uses SHA-1 which is considered to be
unsafe when big amounts of random data can be added to the repository
without anyone noticing it.
I can't decide whether this breaks it all or if it is still sufficient...
More info can be found here:
http://www.securityweek.com/new-collision-attack-lowers-cost-breaking-sha1
So this is the workflow:
- Have a git repo for GC database and receipts.
- The GC database is saved in plaintext without logs or compression.
- The repo is committed regularly or for special transactions.
- The commits are tagged and signed with a public timestamping service
(This is the important one)
The result:
- The diffs of the xml file show if modifications were made or if data was
just added. The readability very much depends on how often the repo is
committed.
- This leaves a cryptographically safe audit-trail (with the limitations of
SHA-1).
- The timestamping and signature give external evidence.
It certifies that you had a certain version of your data,
that could produce a certain hash,
at a certain point in time.
As every revision in git includes the hash of the last version, this
means that you can produce a chain of all your versions and only the diffs
git prints out are the way from one revision to the next one.
- The receipts are tied closely to the GC data.
- A simple backup solution with git push comes as a bonus.
However, git is not easy to understand for non-technical people - so a
nice GUI would still be missing.
Cheers, Joerg
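
The hash chain described in the message above, as an added example that is not part of the original post: it recomputes Git object IDs with hashlib to show that altering an early revision changes every later commit ID, which is why a timestamp over the newest commit covers the whole history (within the limits of SHA-1). The file name books.gnucash, the committer identity, the dates and the XML snippets are constructed for illustration and are not real GnuCash data.

```python
from __future__ import annotations
import hashlib

def git_object_id(kind: str, body: bytes) -> str:
    """Object ID as Git computes it: SHA-1 over '<kind> <size>\\0' + body."""
    header = f"{kind} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()

def tree_id(filename: str, blob_hex: str) -> str:
    """Tree holding one regular file: '<mode> <name>\\0' + raw 20-byte blob ID."""
    entry = f"100644 {filename}".encode() + b"\0" + bytes.fromhex(blob_hex)
    return git_object_id("tree", entry)

def commit_id(tree: str, parent: str | None, message: str, when: int) -> str:
    """Commit object: names its tree and, except for the first, its parent."""
    ident = f"Example User <user@example.invalid> {when} +0000"  # constructed
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")
    lines += [f"author {ident}", f"committer {ident}", "", message, ""]
    return git_object_id("commit", "\n".join(lines).encode())

def build_chain(versions: list[bytes]) -> list[str]:
    """Commit each file version on top of the previous; return all commit IDs."""
    ids: list[str] = []
    for n, data in enumerate(versions):
        blob = git_object_id("blob", data)
        parent = ids[-1] if ids else None
        ids.append(commit_id(tree_id("books.gnucash", blob), parent,
                             f"books revision {n}", 1484500000 + n))
    return ids

# Constructed sample data standing in for three saves of an uncompressed XML file.
HONEST = [b"<gnc-v2><txn>rent 500</txn></gnc-v2>\n",
          b"<gnc-v2><txn>rent 500</txn><txn>food 40</txn></gnc-v2>\n",
          b"<gnc-v2><txn>rent 500</txn><txn>food 40</txn><txn>fuel 30</txn></gnc-v2>\n"]
# Same history, but the first revision was altered after the fact.
REWRITTEN = [HONEST[0].replace(b"500", b"900")] + HONEST[1:]

if __name__ == "__main__":
    # Every commit ID differs, although only the first file version changed.
    for a, b in zip(build_chain(HONEST), build_chain(REWRITTEN)):
        print(a, b, "same" if a == b else "DIFFERENT")
```
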