[tor-talk] secure and simple network time (hack)

adrelanos adrelanos at riseup.net
Sat Jul 21 04:16:29 UTC 2012


intrigeri:
> Hi,
> 
> adrelanos wrote (18 Jul 2012 18:37:18 GMT) :
>> To make our life even worse... Sorry... But not using NTP and only
>> emmiting Tor traffic is also pretty clearly Tails. Because that puts
>> you in the group of users "Uses Tor, nothing else, but does not use
>> NTP? How many people act like this?". So you should at least emmit
>> a fake NTP query (when others that usuaally do) and drop it.
> 
> This is indeed true for a non-shared public IP, and is mitigated to
> some degree when sharing an IP (e.g. behind home router NAT,
> concurrently with others non-Tails systems).

Yes.

> Looks like we'll need to think a bit more what kind of fingerprinting
> resistance a system like Tails can reasonably pretend to at this scale.

Don't give up too early. Man ntpdate says there is "-q     Query only -
don't set the clock.". That's perfect for a fake NTP query.

I just haven't found out how to tell ntpd to do the same. That is
required for a good fake.


More information about the tor-talk mailing list