Jump to: navigation, search

Sdwdate

This page contains changes which are not marked for translation.


sdwdate - Secure Distributed Web Date - Homepage

Time keeping is crucial for security, privacy, and anonymity. Sdwdate is a Tor friendly replacement for rdate and ntpdate that sets the system's clock by communicating via onion end-to-end encrypted TCP with Tor onion webservers. Time providers are exclusively reputable sources (whistle-blowing and privacy friendly onion sites) that are highly likely to be hosted on different hardware.

At randomized intervals, sdwdate connects to a variety of webservers and extracts the time stamps from http headers (RFC 2616).

Comparison of sdwdate and ntp

sdwdate ntp
written in memory-safe language Yes No
distributed trust Yes No
secure connection by default (authentication and encryption) Yes No
gradual clock adjustments Yes Yes
daemon Yes Yes
works over Tor Yes No [1]
does not require Tor No Yes
client, time fetcher Yes Yes
server, time provider No, not yet Yes
Apparmor profile Yes Yes
drop-in config folder Yes No
proxy support Yes No [2] [3]
can be secured by default on linux distribution level Yes No [4]
secure Yes No [5]
optional gui Yes, sdwdate-gui (a systray icon) No

See also:

TODO:

  • server, time provider
  • sdwdate issue tracker:

https://phabricator.whonix.org/project/view/6/

Authentication of Servers[edit]

sdwdate only connects to Tor hidden services, which are encrypted by default and do not rely on SSL CA's. It also uses three different pools of time sources, and if there are too many that fail for any given pool, e.g. because of replying with invalid data or being unreachable, the pool is considered to be potentially compromised and sdwdate aborts.

sdwdate source pools[edit]

What sources should be trusted? This is of course also a problem with NTP.

The sdwdate pools used by Whonix are based on stable and reliable Tor hidden service web servers. They are categorized into three different pools according to their members' relationship to the members in the other pools; any member in a one pool should be unlikely to share logs (or other identifying data), or to agree to send fake time information, with a member from the other pools.

The pools are listed in /etc/sdwdate.d/30_default.conf.

Basically, sdwdate picks three random servers - one from each pool, and then builds the mediate of the three advertised dates.

sdwdate is only using 'pal' pools. Not using 'neutral' and 'foe' pools as tails_htp, because no good reasoning for that has been provided. [6] [7]

Trusted Time Sources[edit]

The sources are listed here to keep track of pool candidates:

Footnotes[edit]

  1. Requires UDP which is unsupported by Tor, see Tor#UDP.
  2. http://lists.ntp.org/pipermail/questions/2007-October/015754.html
  3. http://linux.derkeiler.com/Mailing-Lists/Debian/2003-07/0361.html
  4. NTP security vulnerability because not using authentication by default
  5. See Dev/TimeSync#NTP.
  6. https://github.com/Whonix/Whonix/issues/310
  7. https://labs.riseup.net/code/issues/8283

Random News:

Did you know that anyone can edit the Whonix wiki to improve it?


Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)