[time-nuts] Time security musing - attacking the clock itself

lists at lazygranch.com lists at lazygranch.com
Tue Dec 4 00:01:53 UTC 2012

I have one of those key fobs. Does the code somehow inform the power the be about the drift in the built in clock? Or is the time element of the code so sloppy that the drift is acceptable?

-----Original Message-----
From: Jim Lux <jimlux at earthlink.net>
Sender: time-nuts-bounces at febo.com
Date: Mon, 03 Dec 2012 15:45:24 
To: <time-nuts at febo.com>
Reply-To: Discussion of precise time and frequency measurement
	<time-nuts at febo.com>
Subject: Re: [time-nuts] Time security musing - attacking the clock itself

On 12/3/12 9:32 AM, dlewis6767 wrote:
> I agree, Bob.
> Like the billboard on the side of the highway says: - Does Advertising
> Work? JUST DID -
> The bad guys can read this list same as the good guys.

Security through obscurity never works in the long run.  Much better to 
discuss vulnerabilities in the open, and discuss countermeasures that 
are robust.

Clock synchronization is of great interest in a variety of crypto 
systems where keys are changed on a predetermined schedule (the RSA two 
factor authentication key fob is an interesting instance).

It's even trickier when you have to distribute "time" in a secure way 
(in the sense that not only is the "at the tone, the time is" message is 
reliable, but also that the timing of the "tone" is reliable).

The various redundancy and reasonableness checks (e.g. for GPS) are in 
this area as well.

The question is: "Can I distribute timing information through a network 

time-nuts mailing list -- time-nuts at febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

More information about the time-nuts mailing list