Actions

Boot Clock Randomization

From Whonix


Randomizationclock321423.jpg

Introduction[edit]

The TimeSync page notes:

  • Using Boot Clock Randomization, i.e. after boot, the clock is set randomly between 0 and 180 seconds into the past or future. This is useful to enforce the design goal, that the host clock and Whonix ™ clock should always slightly differ. It is also useful to obfuscate the clock when sdwdate itself is running, because naturally at this time, sdwdate hasn't finished.
  • sdwdate runs after booting.

By randomly moving the system clock a few seconds (and nanseconds) in the past or future during boot, this enforces the design goal of a slightly different host clock and VM clock, even before secure time synchornization has succeeded. This prevents time-based fingerprinting and linkability issues, thereby improving anonymity and privacy. [1]

For technical discussion on the Boot Clock Randomization design, see here [archive]. [2]

Log Inspection[edit]

sudo journalctl -b --no-pager -u bootclockrandomization

Disable[edit]

Info Disabling of Boot Clock Randomization is discouraged because it is not usually required. However, it may be useful for offline (vault) VMs.

Run the following command. Note:

  • Qubes-Whonix: Use a StandaloneVM or a separate TemplateVM.
  • Non-Qubes-Whonix: No extra steps are required.

sudo systemctl mask bootclockrandomization

Boot Clock Randomization will no longer occur after reboot.

See Also[edit]

Footnotes[edit]

  1. https://github.com/Whonix/bootclockrandomization [archive]
  2. Notably, one recent change is the 0-5 second time window is no longer excluded in the process as it was found to aid fingerprinting.


Fosshost is sponsors Kicksecure ™ stage server Whonix old logo.png
Fosshost About Advertisements

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki


Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: 1024px-Telegram 2019 Logo.svg.png Discourse logo.png Matrix logo.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png link=mailto:?subject=Boot Clock Randomization&body=https://www.whonix.org/wiki/Boot_Clock_Randomization link=https://reddit.com/submit?url=https://www.whonix.org/wiki/Boot_Clock_Randomization&title=Boot Clock Randomization link=https://news.ycombinator.com/submitlink?u=https://www.whonix.org/wiki/Boot_Clock_Randomization&t=Boot Clock Randomization link=https://mastodon.technology/share?message=Boot Clock Randomization%20https://www.whonix.org/wiki/Boot_Clock_Randomization&t=Boot Clock Randomization

Please consider a recurring donation! Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

https link onion link Priority Support | Investors | Professional Support

Whonix | © ENCRYPTED SUPPORT LP | Heckert gnu.big.png Freedom Software / Osi standard logo 0.png Open Source (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.