Last update: March 17, 2019.


Boot Clock Randomization

Introduction

The TimeSync page notes:

Using Boot Clock Randomization, i.e. after boot, the clock is set randomly between 0 and 180 seconds into the past or future. This is useful to enforce the design goal, that the host clock and Whonix-Workstation ™ clock should always slightly differ. It is also useful to obfuscate the clock when sdwdate itself is running, because naturally at this time, sdwdate hasn't finished. sdwdate runs after booting.

Randomly moving the system clock a few seconds (and nanoseconds) into the past or future during boot enforces the design goal of a slightly different host clock and Gateway/Workstation clock, even before secure timesync has succeeded. This prevents time-based fingerprinting and linkability issues, thereby improving anonymity and privacy. [1]

For technical discussion on the Boot Clock Randomization design, see here. [2]

Manual Boot Clock Randomization

In the unlikely event that sdwdate fails to properly randomize the system clock, it is possible [3] to manually set a random value. Two options are available:

  • clock-random-manual-gui: a randomized clock setting (in UTC) is entered via a GUI.
  • clock-random-manual-cli: a randomized clock setting (in UTC) is entered on the command line. For example:
    echo "Fri Sep 30 22:20:00 UTC 2016" | /usr/bin/clock-random-manual-cli

This operation should be conducted in a Whonix-Gateway (sys-whonix) terminal.

A non-zero exit code signifies an error, while 0 means it succeeded. [4]
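The following sketch is an added example, not part of the original page or of Whonix's code; it shows one way to produce a candidate value in the format clock-random-manual-cli accepts. The function names are hypothetical, and it assumes the manual value should fall within the same 0 to 180 second range quoted from the TimeSync page and that the base time is supplied by the operator.

```bash
#!/bin/sh
# Added example, not Whonix code. Function names are hypothetical.
MAX_OFFSET=180   # seconds; the range quoted from the TimeSync page

# Uniform integer in [0, n) from /dev/urandom. Values at or above the largest
# multiple of n that fits in 32 bits are rejected, so "% n" adds no modulo bias.
rand_below() {
    rb_n=$1
    rb_limit=$(( (4294967296 / rb_n) * rb_n ))
    while :; do
        rb_r=$(od -An -N4 -tu4 /dev/urandom | tr -d '[:space:]')
        [ "$rb_r" -lt "$rb_limit" ] && break
    done
    echo $(( rb_r % rb_n ))
}

# Signed whole-second offset, uniform over [-180, 180]. No window around zero
# is excluded (see footnote 2).
random_offset_seconds() {
    echo $(( $(rand_below $(( 2 * MAX_OFFSET + 1 ))) - MAX_OFFSET ))
}

# Sub-second part, uniform over [0, 999999999].
random_nanoseconds() {
    rand_below 1000000000
}

# Render (base epoch + offset) in the layout of the command-line example above.
# Requires a date(1) that accepts "-d @EPOCH" (GNU coreutils).
randomized_utc_string() {
    LC_ALL=C date -u -d "@$(( $1 + $2 ))" '+%a %b %e %H:%M:%S UTC %Y'
}

# Demo: the base time is read from the local clock here (assumption); pass a
# reference time of your own choosing if the local clock is not usable.
base=$(date +%s)
candidate=$(randomized_utc_string "$base" "$(random_offset_seconds)")
echo "$candidate"
# To apply it, as in the page's example:
#   echo "$candidate" | /usr/bin/clock-random-manual-cli
```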

Log Inspection

Open /var/log/bootclockrandomization.log in an editor.

If you are using a graphical environment, run:

kwrite /var/log/bootclockrandomization.log

If you are using a terminal (Konsole), run:

nano /var/log/bootclockrandomization.log

For an overview of the time synchronization mechanism in Whonix ™, see here.

Footnotes

  1. https://github.com/Whonix/bootclockrandomization
  2. Notably, one recent change is that the 0-5 second time window is no longer excluded in the process, as it was found to aid fingerprinting.
  3. Since Whonix 14.
  4. Also see:
    man clock-random-manual-gui
    man clock-random-manual-cli

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself.