[tor-talk] [Tails-dev] secure and simple network time (hack)
Jacob Appelbaum
jacob at appelbaum.net
Fri Apr 12 17:58:46 UTC 2013
Elly Jones:
> On Fri, Apr 12, 2013 at 02:43:13PM +0300, Maxim Kammerer wrote:
>> On Fri, Jul 20, 2012 at 3:07 AM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>>> Allow me to be very explicit: it is harder to parse an HTTP Date header
>>> than properly than casting a 32bit integer and flipping their order. The
>>> attack surface is very small and easy to audit.
>>
>> Just discovered that tlsdated in tlsdate-0.0.6 is dying with a
>> segmentation fault after a while. Not surprised after seeing the code
>> ? my experimentation with this gimmick is finally over. Turns out that
>> ?throw something together and wait for patches? is not a sound
>> development approach.
>
> Did you get a stack trace?
>
Not that I've seen - Maxim is often extremely harsh - don't take it
personally.
> Also, yes, tlsdated is not very well-written. I wrote it in a great hurry and
> now don't really have time to undo the worst of the hacks :(. Patches gratefully
> accepted.
I haven't really touched it as I consider you to generally be the owner
of that part of the code. What specifically do you think we should re-write?
All the best,
Jacob
More information about the tor-talk
mailing list