[time-nuts] Time security musing - attacking the clock itself
jimlux at earthlink.net
Mon Dec 3 23:45:24 UTC 2012
On 12/3/12 9:32 AM, dlewis6767 wrote:
> I agree, Bob.
> Like the billboard on the side of the highway says: - Does Advertising
> Work? JUST DID -
> The bad guys can read this list same as the good guys.
Security through obscurity never works in the long run. Much better to
discuss vulnerabilities in the open, and discuss countermeasures that
Clock synchronization is of great interest in a variety of crypto
systems where keys are changed on a predetermined schedule (the RSA two
factor authentication key fob is an interesting instance).
It's even trickier when you have to distribute "time" in a secure way
(in the sense that not only is the "at the tone, the time is" message is
reliable, but also that the timing of the "tone" is reliable).
The various redundancy and reasonableness checks (e.g. for GPS) are in
this area as well.
The question is: "Can I distribute timing information through a network
More information about the time-nuts