Re: [tor-talk] I've yet to understand clock skew attacks on hidden services
EVERYONE should be running NTP, of course, not the relatively few that do. If you happen to still be on a windows machine, here is a FREE utility And if you prefer the open source NTP standard that everyone else uses... http://support.ntp.org/bin/view/Main/ExternalTimeRelatedLinks And I'm quite certain that XP and newer have adequate native knobs, though likely only in ntpdate via cron fashion. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] I've yet to understand clock skew attacks on hidden services
On 2011-08-20, hi...@safe-mail.net hi...@safe-mail.net wrote: I've read a lot about it, but I'm hoping for a simplified explanation for a simplified guy. ;) If my hidden service server has a clock that is 5 minutes wrong, how can anyone use that to locate me? They can only use that to locate your server if they can either connect to it directly (not through Tor) or accept a non-Torified connection from it, and determine what your server thinks is the current time based on information it receives on that connection. The obvious ways that your server could leak its current time include running a web server and sending e-mail messages. The less obvious ways include opening an outbound TLS connection and running a cron job with externally observable effects (e.g. an automatic update downloader). Robert Ransom ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk