[time-nuts] Time security musing - attacking the clock itself
lists at lazygranch.com
lists at lazygranch.com
Tue Dec 4 00:01:53 UTC 2012
I have one of those key fobs. Does the code somehow inform the power the be about the drift in the built in clock? Or is the time element of the code so sloppy that the drift is acceptable?
-----Original Message-----
From: Jim Lux <jimlux at earthlink.net>
Sender: time-nuts-bounces at febo.com
Date: Mon, 03 Dec 2012 15:45:24
To: <time-nuts at febo.com>
Reply-To: Discussion of precise time and frequency measurement
<time-nuts at febo.com>
Subject: Re: [time-nuts] Time security musing - attacking the clock itself
On 12/3/12 9:32 AM, dlewis6767 wrote:
> I agree, Bob.
>
> Like the billboard on the side of the highway says: - Does Advertising
> Work? JUST DID -
>
> The bad guys can read this list same as the good guys.
>
>
Security through obscurity never works in the long run. Much better to
discuss vulnerabilities in the open, and discuss countermeasures that
are robust.
Clock synchronization is of great interest in a variety of crypto
systems where keys are changed on a predetermined schedule (the RSA two
factor authentication key fob is an interesting instance).
It's even trickier when you have to distribute "time" in a secure way
(in the sense that not only is the "at the tone, the time is" message is
reliable, but also that the timing of the "tone" is reliable).
The various redundancy and reasonableness checks (e.g. for GPS) are in
this area as well.
The question is: "Can I distribute timing information through a network
reliably"
_______________________________________________
time-nuts mailing list -- time-nuts at febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
More information about the time-nuts
mailing list