Don't update NTP (Network Time Protocol) due to the lack of a secure authentication mechanism
[Short Version]
NTP is very old and has received several updates over time. It basically dates from the early 80s.
The problem is that modern TLS connections increasingly rely on the system time as part of their security model. This affects OCSP revocation checks, HPKP and HSTS. All of these have security considerations that in one way or another expect the time of your system to be correct.
tlsdate is one way to fix that (see source link).
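To make that dependency concrete, the following added example (not part of the original gist or of any linked project) evaluates HSTS/HPKP max-age expiry and the OCSP thisUpdate/nextUpdate window against a correct clock and two shifted clocks. All dates, max-age values and function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

def policy_enforced(noted_at, max_age_s, now):
    """HSTS and HPKP entries are honoured until noted_at + max-age, per the local clock."""
    return now < noted_at + timedelta(seconds=max_age_s)

def ocsp_acceptable(this_update, next_update, now, tolerance=timedelta(minutes=5)):
    """An OCSP response is accepted only inside thisUpdate..nextUpdate (plus tolerance)."""
    return this_update - tolerance <= now <= next_update + tolerance

# Constructed sample state of a client whose real time is 2015-03-01 12:00 UTC.
TRUE_NOW = datetime(2015, 3, 1, 12, 0, tzinfo=UTC)
HSTS = (datetime(2015, 2, 1, tzinfo=UTC), 31536000)   # noted at, max-age (1 year)
HPKP = (datetime(2015, 2, 1, tzinfo=UTC), 5184000)    # noted at, max-age (60 days)
OCSP_CURRENT = (datetime(2015, 2, 28, tzinfo=UTC), datetime(2015, 3, 7, tzinfo=UTC))
OCSP_OLD = (datetime(2015, 1, 1, tzinfo=UTC), datetime(2015, 1, 8, tzinfo=UTC))

def evaluate(now):
    """Return which time-dependent protections hold if the system clock reads `now`."""
    return {
        "hsts_enforced": policy_enforced(*HSTS, now),
        "hpkp_enforced": policy_enforced(*HPKP, now),
        "current_ocsp_accepted": ocsp_acceptable(*OCSP_CURRENT, now),
        "old_ocsp_accepted": ocsp_acceptable(*OCSP_OLD, now),
    }

if __name__ == "__main__":
    clocks = {
        "correct clock": TRUE_NOW,
        "clock two years ahead": TRUE_NOW + timedelta(days=730),
        "clock set back to January": datetime(2015, 1, 5, tzinfo=UTC),
    }
    for label, now in clocks.items():
        print(label, now.isoformat(), evaluate(now))
```

With the clock two years ahead the HSTS and HPKP entries are treated as expired, and with the clock set back the outdated OCSP response is accepted while the current one is rejected.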
Source:
https://github.com/bsdphk/Ntimed
http://phk.freebsd.dk/time/20140926.html
https://groups.google.com/a/chromium.org/d/msg/security-dev/oj2xXq3CF0E/f7BtsfkVhe8J
https://github.com/ioerror/tlsdate
http://zero-entropy.de/autokey_analysis.pdf
http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata
https://en.wikipedia.org/wiki/Network_Time_Protocol
https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Strict-Transport-Security-wp.pdf
https://github.com/PentesterES/Delorean
https://marc.info/?l=openbsd-tech&m=142356166731390&w=2