[tor-talk] Using Tor Hidden Services as Time Source

Dave Warren davew at hireahit.com
Fri Feb 6 23:14:51 UTC 2015


On 2015-02-06 14:41, Patrick Schleizer wrote:
> Hello, I am a developer of an anonymity-centric distribution. Called
> Whonix, it's similar to TAILS but optimized for virtual machines.
>
> We need to use a source to calibrate our system clock. For obvious and
> non-obvious reasons, that source can't be NTP. The way we do it at the
> moment is to fetch HTTP headers over SSL from trusted servers and use
> the timestamp data.
>
> We want to get rid of SSL and make use of the strong security properties
> of Tor's end-to-end encryption for Hidden Services in order to safeguard
> against clearnet SSL MITM attacks, which are within reach of powerful
> adversaries.
>
> Our plan is to contact hidden service operators, adding multiple
> trustworthy hidden services to the list for both redundancy and load
> distribution. Our estimated user base is 5000. The requests will only
> involve fetching an HTTP header from the server, similar to `curl --head
> atlas777hhh7mcs7.onion`.
>
> Before simply implementing this feature and hoping Tor handles the load
> without issue, we'd like expert (deep knowledge of Tor internals,
> network size, paths, etc) and (hopefully) official responses to our idea.
>

I assume you're okay with very low accuracy here, clock drift of over a 
second will be quite common when using HTTP over Tor. This probably 
isn't a big deal for desktop users, but part of why NTP is generally
used is because it can allow for accurate time delivery even over 
networks with higher latency, and somewhat inconsistent latency.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
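
The accuracy limit discussed in this thread, worked through as an added example (not part of the original messages and not any project's own code): each HTTP `Date` header has one-second resolution and arrives after an unknown share of the round trip, so every sample carries an error bound of half the round-trip time plus half a second. The source labels, timings and the `max_spread` threshold are constructed assumptions.

```python
from email.utils import parsedate_to_datetime
from statistics import median

# Constructed samples: (source label, local send time, local receive time,
# Date header). Local times are Unix seconds read from the uncalibrated clock.
SAMPLES = [
    ("source-a", 1000.0, 1002.4, "Fri, 06 Feb 2015 23:14:51 GMT"),
    ("source-b", 1010.0, 1011.6, "Fri, 06 Feb 2015 23:15:00 GMT"),
    ("source-c", 1020.0, 1023.0, "Fri, 06 Feb 2015 23:15:11 GMT"),
    ("source-d", 1030.0, 1031.0, "Fri, 06 Feb 2015 22:10:00 GMT"),  # wrong clock
]


def sample_offset(t_send, t_recv, date_header):
    """Return (offset, error_bound) in seconds for one header fetch."""
    server = parsedate_to_datetime(date_header).timestamp()
    rtt = t_recv - t_send
    # The Date value is truncated to whole seconds, so the true server time
    # lies in [server, server + 1); take the middle of that interval.
    # The header was stamped at an unknown moment between send and receive;
    # take the middle of that interval as well.
    offset = (server + 0.5) - (t_send + rtt / 2)
    return offset, rtt / 2 + 0.5


def estimate_offset(samples, max_spread=30.0):
    """Median offset across sources, dropping sources far from the median.

    max_spread is an assumed tolerance in seconds, not a recommended value.
    Returns (offset, worst_error_bound, rejected_source_labels).
    """
    results = [(name, *sample_offset(s, r, d)) for name, s, r, d in samples]
    mid = median(o for _, o, _ in results)
    kept = [(n, o, e) for n, o, e in results if abs(o - mid) <= max_spread]
    rejected = [n for n, o, _ in results if abs(o - mid) > max_spread]
    offset = median(o for _, o, _ in kept)
    bound = max(e for _, _, e in kept)
    return offset, bound, rejected


if __name__ == "__main__":
    off, bound, bad = estimate_offset(SAMPLES)
    print(f"clock offset {off:.1f} s, +/- {bound:.1f} s, rejected: {bad}")
```

With multi-second round trips, as in the constructed samples, the bound stays above a second no matter how many sources are averaged, because the per-sample latency asymmetry is not observable from a single header fetch.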



