sdwdate: Secure Distributed Web Date
Time keeping is crucial for security, privacy, and anonymity. sdwdate is a Tor-friendly replacement for rdate [archive] and ntpdate [archive] that sets the system's clock by communicating via end-to-end encrypted TCP with Tor onion webservers. Chosen time providers are exclusively reputable sources (whistle-blowing and privacy-friendly onion sites) that are highly likely to be hosted on different hardware.
sdwdate vs ntp
Table: sdwdate vs ntp Comparison
|Written in memory-safe language||Yes||No|
|Secure connection by default (authentication and encryption)||Yes||No|
|Gradual clock adjustments||Yes||Yes|
|Functional over Tor [archive]||Yes||No |
|Tor not required||No||Yes|
|Client, time fetcher||Yes||Yes|
|Server, time provider||No, not yet||Yes|
|Drop-in config folder||Yes||No|
|Proxy support||Yes||No  |
|Possible to secure by default on GNU/Linux distribution level||Yes||No |
|Optional GUI||Yes, sdwdate-gui (a systray icon)||No|
- Server, time provider
- sdwdate issue tracker: https://phabricator.whonix.org/project/view/6/ [archive]
sdwdate [archive] only connects to Tor onion services, which are encrypted by default and do not rely on SSL certificate authorities (CAs). Three different pools are used for time sources so that if too many connections fail for any given pool,  the pool is considered as potentially compromised and sdwdate aborts.
sdwdate Source Pools
Determining what sources should be trusted is an important issue; this is also a problem with NTP.
The various onion services are categorized into three different pools according to their members' relationship to the members in other pools. For instance, any member in one pool should be unlikely to share logs (or other identifying data), or agree to send fake time information, with a member from the other pools. In basic terms, sdwdate picks three random servers - one from each pool - and then builds the mediate (middle position) of the three advertised dates.
Trusted Time Sources
The links below are listed to keep track of pool candidates:
- https://en.wikipedia.org/wiki/SecureDrop [archive]
- https://freedom.press/securedrop/directory [archive]
- https://www.riseup.net/en/tor#riseups-tor-hidden-services [archive]
- https://en.wikipedia.org/wiki/GlobaLeaks#GlobaLeaks_uses [archive]
- site:http://leakdirectory.org [archive] onion
- Requires UDP which is unsupported by Tor, see Tor#UDP.
- http://lists.ntp.org/pipermail/questions/2007-October/015754.html [archive]
- http://linux.derkeiler.com/Mailing-Lists/Debian/2003-07/0361.html [archive]
- NTP security vulnerability because not using authentication by default [archive]
- See Dev/TimeSync#NTP.
- If replacing ntp with sdwdate, run the following command to avoid the installation of 160+ recommended packages:
sudo apt --no-install-recommends install sdwdate
- https://forums.whonix.org/t/sdwdate-and-headless-system/8491 [archive]
- For example, due to being unreachable or replying with invalid data.
- https://github.com/Whonix/Whonix/issues/310 [archive]
- https://labs.riseup.net/code/issues/8283 [archive]
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)