sdwdate: Secure Distributed Web Date

From Whonix
Jump to navigation Jump to search

sdwdate-gui Control Panel

sdwdate Documentation[edit]

Since Whonix ™ is based on Kicksecure ™, the user can follow the instructions on Sdwdate on the Kicksecure ™ website.

Whonix ™ specific[edit]

Whonix ™ sets configuration option RANDOMIZE_TIME=true through package anon-apps-config /etc/sdwdate.d/40_anon-apps-config.conf RANDOMIZE_TIME=true.

Do sdwdate issues impact anonymity?[edit]

sdwdate failing doesn't mean deanonymized.

Even sdwdate does not work, there's still Boot Clock Randomization

To put it into perspective, Tor Browser Bundle on the host operating system (unrelated to Whonix ™) have neither sdwdate nor Boot Clock Randomization.

This is similar to asking "How secure is Whonix ™)?" See: Security Overview and Whonix ™ Protection against Real World Attacks.

sdwdate-gui makes Tor issues in more visible due to its graphical indication and easily accessible logs. It would be an Unsubstantiated conclusion to deduct that sdwdate is the cause of Tor issues.

The time of sdwdate issues matters. If sdwdate fails

  • A) during its first run after boot then that's worse than,
  • B) sdwdate failing during any subsequent runs.

The latter is only for time keeping in long running VMs. For example, if sdwdate succeeded after boot but then would only succeed once per day in long running VMs that might still be good enough.

Planned sdwdate-gui enhancements include:

  • Only showing sdwdate failure if sdwdate failed after boot and multiple times in long running VMs.
  • Making Tor log output (anon-log) more accessible. This might help to redirect the often misplaced attention on sdwdate to Tor.