How to set time.
Niels Elgaard Larsen
elgaard at agol.dk
Thu Jul 23 21:32:27 UTC 2009
Watson Ladd wrote:
> Niels Elgaard Larsen wrote:
>> On the other hand it would work better for eg. TOR browser bundle.
> It would enable an entry guard to give a different time to a client, and
> so distinguish that client's connections to sites of interest via
> protocols that use a timestamp sent in the clear.
Yes, that was why i suggested only using it to set the time zone by
changing the clock a number of hours.
Using an average of three entry-nodes could also work. Maybe add a
little random time.
Because what is the alternatives for setting time?
GPS or DCF77 would be good, but requires hardware.
Having users setting it from other sources would work, but not is very
user friendly. Especially on a live-cd where we do not even know the
local timezone, we would have to let the user also input the timezone or
ask what time it is in London now.
NTP is an option, but if used without authentification it also opens up
for the attack you described. For an organization or a country
controlling an entire network it would be easy to change timestamps in
flight. NTP is even worse because you could change the clock many times
during a session. And which NTP-servers with authentification would you use?
More information about the tor-talk
mailing list