Hi list, One issue for anonymity-oriented LiveCDs (such as T(A)ILS[1] and Libertà Linux[2]) is the system time. Tor requires a reasonably correct system time, otherwise no circuits will be opened. This is a major problem for these LiveCDs since they generally route all traffic through Tor transparently (using netfilter/iptables and the like) so no Tor circuits implies no network access for the user. The obvious fix might seem to be to run something like NTP before Tor starts, but since NTP isn't authenticated at the moment[3] an adversary could intercept the NTP sync and force a crafted time on the user which later can be used to fingerprint the user if s/he uses some protocol/application which leaks system time. Hence NTP is out of the question. Libertà Linux has a novel solution to this problem[4] -- it sets the system time according to the Tor consensus' valid-after/until values, which essentially removes Tor's time skew check. We T(A)ILS developers are tempted to implement the same solution, but first we'd like to ask here if this is safe, or if it opens up for any unexpected type of attacks or problems. If any one has a completely different solution for the system time issue we're very interested in hearing that out as well. Cheers! [1] https://amnesia.boum.org [2] http://dee.su/liberte [3] Public key authentication is in the works, supposedly, but we need a working solution _now_. [4] https://liberte.svn.sourceforge.net/svnroot/liberte/trunk/liberte/src/root/bin/tor-date
Attachment:
signature.asc
Description: OpenPGP digital signature