[ntp:hackers] A stop-gap authenticated time service

Poul-Henning Kamp phk at phk.freebsd.dk
Tue Nov 10 10:19:41 UTC 2015

In message <20151110100916.GS11550 at localhost>, Miroslav Lichvar writes:
>On Tue, Nov 10, 2015 at 07:58:05AM +0000, Poul-Henning Kamp wrote:
>> The only variable left for the attacker to tamper with is the RTT
>> which I can reliably measure and thus detect said tampering.
>I don't think delay added in a MITM attack can be reliably detected.
>The attacker can increase the delay by a small amount and slowly, so
>it looks like the network is getting congested or the HTTPS server is
>overloaded and it needs more time to respond.

Right, and how much can he shift my time that way? He can shift it
at most the increased RTT.

So far I have yet to see a HTTPS server that didn't respond in at
most one second on an already established connection, and that was
a pretty pathological choice of HTTPS server, seen from Denmark.

So at best, he can shift my time a second or maybe two.

That's good enough for a LOT of purposes.

>Sure, the admin could set a very tight limit on the delay, but then it
>will drop measurements when the network really is congested or the
>server is overloaded.

Unlikely, see above.

>I think that depends on what error is acceptable.

Of course it does!

But there is a very big difference between "Drive-by attacker can
shift your clock *anywhere he wants*" and "determined attack can
shift it a second or two before you notice".

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
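
The RTT bound argued in this message, as an added example that is not part of the original email or of any NTP code: each exchange yields an interval that must contain the true offset, and an RTT limit discards delayed replies. All names and the MAX_RTT value are hypothetical; it assumes the server timestamp is authenticated (for instance by the HTTPS session) and that local clock drift during one exchange is negligible.

```python
from dataclasses import dataclass

MAX_RTT = 2.0  # seconds; assumed limit, from the "a second or two" figure

@dataclass
class Sample:
    t_send: float    # local clock when the request left
    t_recv: float    # local clock when the reply arrived
    t_server: float  # authenticated server timestamp from the reply

def offset_bounds(s):
    """Bounds on (server clock - local clock) for one exchange.

    The server stamped the reply between t_send and t_recv, so the true
    offset lies in [t_server - t_recv, t_server - t_send]; the width of
    that interval is the RTT, which is all an added delay can stretch.
    """
    if s.t_recv < s.t_send:
        raise ValueError("local clock stepped backwards during the exchange")
    return s.t_server - s.t_recv, s.t_server - s.t_send

def estimate(samples, max_rtt=MAX_RTT):
    """Intersect the bounds of every sample whose RTT is within max_rtt.

    Returns (offset, max_error), or None if nothing usable remains.
    """
    low, high, used = float("-inf"), float("inf"), 0
    for s in samples:
        if s.t_recv - s.t_send > max_rtt:
            continue  # delayed beyond the limit: drop the measurement
        lo, hi = offset_bounds(s)
        low, high, used = max(low, lo), min(high, hi), used + 1
    if used == 0 or low > high:
        return None  # no sample, or intervals that cannot all be true
    return (low + high) / 2, (high - low) / 2

# Constructed samples, true offset +10.0 s; the second reply was held 5 s.
SAMPLES = [
    Sample(t_send=100.0, t_recv=100.5, t_server=110.25),
    Sample(t_send=200.0, t_recv=205.5, t_server=210.25),
    Sample(t_send=300.0, t_recv=301.0, t_server=310.25),
]

if __name__ == "__main__":
    print(estimate(SAMPLES))                       # RTT limit enforced
    print(estimate([SAMPLES[1]], max_rtt=10.0))    # limit relaxed: wider error
```

With the limit relaxed, the held reply still brackets the true offset, but the midpoint moves by half the added delay and the reported error grows to match.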
