[Cryptography] Best internet crypto clock

Tom Mitchell mitch at niftyegg.com
Mon Oct 20 18:34:05 EDT 2014


On Fri, Oct 17, 2014 at 6:32 PM, John Denker <jsd at av8n.com> wrote:

> On 10/17/2014 05:17 PM, Tom Mitchell wrote:
> > I am with you
>
> so far so good ....
>
> > except for the "grab NIST beacon" part.  This implies that
> > the clock can be set and reset. ?
>
> Resetting the local clock hardware is not necessary, not
> desirable, and not implied by anything that was said.
>


Implied only by the choice of a DS-1307 part.

On an I2C device there is no Read/Write pin that can be cut
to force the device to be read only in the future.  Only audited
software and software security covers that base.

I am slightly cautious about this because I have had
to sift through system logs when time was changing
in bad ways.   In my case an international company
complained that the time of day on our system was moving by hours
once in a while.   They told me that the network was isolated.
I showed them that it was not...  It turns out that a dual boot PC
which kept TOD in local time for WindowZ but should have
kept it as UTS for the *nix environment was the problem.
The data link was just a single wire to a room to a satellite
dish to another little room to a big building full of machines
that should have been firewalled from any production site.
Yes, NTP is a better tool than the old timed tool....
They wanted subsecond or better accuracy and precision
but hardware clock oscillators were not good enough so
they allowed a network tool...

BTW they were on an island and "they thought" all was local.




-- 
  T o m    M i t c h e l l