[ntp:hackers] A stop-gap authenticated time service

Terje Mathisen terje at tmsw.no
Tue Nov 10 15:02:37 UTC 2015


Poul-Henning Kamp wrote:
> --------
> In message <20151110100916.GS11550 at localhost>, Miroslav Lichvar writes:
>> I think that depends on what error is acceptable.
> Of course it does!
>
> But there is a very big difference between "Drive-by attacker can
> shift your clock *anywhere he wants*" and "determined attack can
> shift it a second or two before you notice".
>
phk is hitting the key point here:

With no attacker, the https HEAD gives at least second, and probably
sub-128 ms accuracy, while under a maximum attack (giving multiple
seconds RTT for the HEAD request), you simply note the fact that you're
probably under attack and start looking at all NTP replies with strong
suspicion. :-)

Terje

-- 
- <Terje at tmsw.no>
"almost all programming can be viewed as an exercise in caching"
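
An added sketch of the check discussed in this message, not code from the post or from the NTP project: it bounds the local clock offset from one TLS-authenticated HEAD exchange and vets an NTP-reported offset against that bound. The function names, the 2-second RTT threshold and the sample Date header are assumptions made for illustration.

```python
from dataclasses import dataclass
from email.utils import parsedate_to_datetime

# Assumed threshold for "multiple seconds RTT"; tune for the real path.
RTT_SUSPICIOUS_S = 2.0
# Constructed sample header value (HTTP Date has 1-second resolution).
SAMPLE_DATE = "Tue, 10 Nov 2015 15:02:37 GMT"


@dataclass
class HttpsBound:
    lo: float         # smallest possible (true - local) offset, seconds
    hi: float         # largest possible (true - local) offset, seconds
    rtt: float        # HEAD round-trip time on the local clock
    suspicious: bool  # RTT long enough to suspect a delaying attacker


def bound_from_head(t_send: float, t_recv: float, date_header: str) -> HttpsBound:
    """Bound the local clock offset from one authenticated HEAD exchange.

    t_send / t_recv are local-clock Unix times taken just before the
    request and just after the response headers arrive.
    """
    if t_recv < t_send:
        raise ValueError("local clock stepped backwards during the request")
    d = parsedate_to_datetime(date_header).timestamp()
    rtt = t_recv - t_send
    # The server stamped a true time in [d, d+1) at some local instant in
    # [t_send, t_recv]. TLS stops an attacker forging the stamp, so the
    # only lever left is delay, which widens the interval to 1 s + RTT.
    return HttpsBound(d - t_recv, d + 1.0 - t_send, rtt, rtt > RTT_SUSPICIOUS_S)


def vet_ntp_offset(bound: HttpsBound, ntp_offset: float) -> str:
    """Classify an offset reported by unauthenticated NTP replies."""
    if not (bound.lo <= ntp_offset <= bound.hi):
        return "reject"    # contradicts the authenticated bound
    if bound.suspicious:
        return "suspect"   # consistent, but the bound itself is loose
    return "accept"
```
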