[time-nuts] Roughtime

Chris Albertson albertson.chris at gmail.com
Wed Oct 5 05:17:55 UTC 2016 

The current system is very secure.  The paper is correct in the most users
don't bother with authentication or encryption.  I don't.    But let's say
some one tried to spoof me into thinking it is three seconds later then it
really is by some how setting up an NTP server that gives me incorrect
time.   It would be easy to set up such a server

But I use a set of five different servers all controlled by different
organizations and they are geographically distributed.   Also some of these
are randomly elected "pool" servers.  So even I don't know who I will ask
for time.   How could anyone corrupt all those servers?      The thing that
makes it secure is that it is VERY hard to lie about what time it is.   It
is almost impossible to lie about the time of day because there are some
many people one might ask and if you lie your answer will different from
the others

And if this ever did become a problem users would simply start using
cryptographic authentication

This reminds me of when they tied to scramble your location with GPS.
(called SA)  They would set the low order bits to what were in effect
random bits that you could not decode without knowing a the cryptographic
key.    So GPS lied to civilian users about their location.   Then some
smart guy thought "how can any one lie about where I am when I can look
down and see a survey marker hammered into the concrete.  All you need is a
network of users standing over survey markers to figure out

All that said, there is money to be made  by spoofing time.   If I can fool
a stock broker into accepting trades minutes late I could be rich.

On Tue, Oct 4, 2016 at 9:14 PM, Christopher Hoover <ch at murgatroid.com>
wrote:

> I just learned about this from a public post:
>
> https://roughtime.googlesource.com/roughtime/
>
> Not precise enough for us nuts, but intended to be secure.
>
> (I wonder how it handles leap seconds?   Too soon?  :-)   Actually, it
> smears.)
>
> -christopher.
> de AI6KG
> _______________________________________________
> time-nuts mailing list -- time-nuts at febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> and follow the instructions there.
>



-- 

Chris Albertson
Redondo Beach, California

More information about the Time-nuts_lists.febo.com mailing list