Actions

Boot Clock Randomization

From Whonix


Randomizationclock321423.jpg

Introduction[edit]

The TimeSync page notes:

  • Using Boot Clock Randomization, i.e. after boot, the clock is set randomly between 0 and 180 seconds into the past or future. This is useful to enforce the design goal, that the host clock and Whonix-Workstation ™ clock should always slightly differ. It is also useful to obfuscate the clock when sdwdate itself is running, because naturally at this time, sdwdate hasn't finished.
  • sdwdate runs after booting.

By randomly moving the system clock a few seconds (and nanseconds) in the past or future during boot, this enforces the design goal of a slightly different host clock and Gateway/Workstation clock, even before secure timesync has succeeded. This prevents time-based fingerprinting and linkability issues, thereby improving anonymity and privacy. [1]

For technical discussion on the Boot Clock Randomization design, see here [archive]. [2]

Log Inspection[edit]

sudo journalctl -b --no-pager -u bootclockrandomization

Disable[edit]

Info Disabling of Boot Clock Randomization is discouraged because it is not usually required. However, it may be useful for offline (vault) VMs.

Run the following command. Note:

  • Qubes-Whonix: Use a StandaloneVM or a separate TemplateVM.
  • Non-Qubes-Whonix: No extra steps are required.

sudo systemctl mask bootclockrandomization

Boot Clock Randomization will no longer occur after reboot.

See Also[edit]

Footnotes[edit]

  1. https://github.com/Whonix/bootclockrandomization [archive]
  2. Notably, one recent change is the 0-5 second time window is no longer excluded in the process as it was found to aid fingerprinting.


Fosshost is sponsors Kicksecure stage server Whonix old logo.png
Fosshost About Advertisements

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki


Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: 1024px-Telegram 2019 Logo.svg.png Discourse logo.png Matrix logo.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png link=mailto:?subject=Boot Clock Randomization&body=https://www.whonix.org/wiki/Boot_Clock_Randomization link=https://reddit.com/submit?url=https://www.whonix.org/wiki/Boot_Clock_Randomization&title=Boot Clock Randomization link=https://news.ycombinator.com/submitlink?u=https://www.whonix.org/wiki/Boot_Clock_Randomization&t=Boot Clock Randomization link=https://mastodon.technology/share?message=Boot Clock Randomization%20https://www.whonix.org/wiki/Boot_Clock_Randomization&t=Boot Clock Randomization

There are five different options for subscribing to Whonix ™ source code changes.

https link onion link Priority Support | Investors | Professional Support

Whonix | © ENCRYPTED SUPPORT LP | Heckert gnu.big.png Freedom Software / Osi standard logo 0.png Open Source (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.