[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

On Fri, Jul 20, 2012 at 3:07 AM, Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote:
> Allow me to be very explicit: it is harder to parse an HTTP Date header
> than properly than casting a 32bit integer and flipping their order. The
> attack surface is very small and easy to audit.

Just discovered that tlsdated in tlsdate-0.0.6 is dying with a
segmentation fault after a while. Not surprised after seeing the code
— my experimentation with this gimmick is finally over. Turns out that
“throw something together and wait for patches” is not a sound
development approach.

Maxim Kammerer
Liberté Linux: http://dee.su/liberte
tor-talk mailing list