[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] secure and simple network time (hack)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] secure and simple network time (hack)
From: Jacob Appelbaum <jacob@xxxxxxxxxxxxx>
Date: Mon, 20 Feb 2012 15:58:53 -0800
Authentication-results: mr.google.com; spf=pass (google.com: domain of jacob@xxxxxxxxxxxxx designates 10.68.219.232 as permitted sender) smtp.mail=jacob@xxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 20 Feb 2012 18:59:08 -0500
In-reply-to: <CAHsXYDDybEjRvZSdXZucP2GybHH_4nSrEg3kfSjAipHqPVchZA@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Openpgp: id=42DDE84F; url=http://www.appelbaum.net/gpg.asc
References: <4F42AD50.4050807@xxxxxxxxxxxxx> <CAHsXYDDybEjRvZSdXZucP2GybHH_4nSrEg3kfSjAipHqPVchZA@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: mutt

On 02/20/2012 03:31 PM, Maxim Kammerer wrote:
> On Mon, Feb 20, 2012 at 22:30, Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote:
>> Some people have taken to setting clocks with HTTP headers but I think that's a nightmare - not only
>> because people will parse the header with questionable code but also because of latency, amongst other things.
> 
> What questionable code? HTTP Date: header is standard (RFC 1123).

Whenever you parse a thing, there is code to do the parsing. That's the
code that is questionable. For tlsdate, I cast a few bytes as an
integer. It's well, quite straight forward to audit.

> HTPDate (C version) [1] does a rather good job of maintaining time
> from such headers, and with an obvious header parsing vulnerability
> fix and some improvements / feature additions [2] it is used in
> Liberté Linux without issues. The only downside is lack of https
> support.
> 

Totally unrelated to HTPDate - without https support, I think it suffers
from a pretty serious problem: it isn't securely transfering the data
from the server or authenticating it.

I haven't audited HTPDate but I generally think that using the TLS data
provides for all of the properties I'd want and almost zero issues that
I don't.

> [1] http://www.clevervest.com/htp/
> [2] https://github.com/mkdesu/liberte/blob/master/src/usr/local/portage/net-misc/htpdate/files/htpdate-1.0.4-robustness.patch
> 
>> Currently tlsdate only has one way to verify certificates to ensure that
>> the connection is secure - namely, it's the usual CA racket.
> 
> Does it mean that verification will fail if the clock is several years
> behind, for instance?
> 

It might. It depends. I have some things in the works to solve this
issue. One idea that I've been toying with is to include a few hard
coded times - compile time as an epoch, rather than 1970, recent time
fetches rather than 1970 and so on.

This will work securely with a clock drift of years but probably not
forty years.

>> I'd love some code review but also just some feedback.
> 
> Does become_nobody() drop group privileges as well?

It should eventually. It did at one point. I think right now that it
does not. I think that's a vote for doing so again. :)

> Is operation over
> Tor supported (I don't see any proxy handling)?
> 

If you `usewithtor` it should work without issues.

All the best,
Jacob
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] secure and simple network time (hack)
  - From: Jacob Appelbaum
- Re: [tor-talk] secure and simple network time (hack)
  - From: Maxim Kammerer

Prev by Author: [tor-talk] secure and simple network time (hack)
Next by Author: [tor-talk] help Tor release 0.2.3.x!
Previous by thread: Re: [tor-talk] secure and simple network time (hack)
Next by thread: [tor-talk] tor debian repository for non x86 arch? (arm)
Index(es):
- Author
- Thread