[Cryptography] Best internet crypto clock
mitch at niftyegg.com
Mon Oct 20 18:34:05 EDT 2014
On Fri, Oct 17, 2014 at 6:32 PM, John Denker <jsd at av8n.com> wrote:
> On 10/17/2014 05:17 PM, Tom Mitchell wrote:
> > I am with you
> so far so good ....
> > except for the "grab NIST beacon" part. This implies that
> > the clock can be set and reset. ?
> Resetting the local clock hardware is not necessary, not
> desirable, and not implied by anything that was said.
Implied only by the choice of a DS-1307 part.
On an I2C device there is no Read/Write pin that can be cut
to force the device to be read only in the future. Only audited
software and software security covers that base.
I am a slightly cautious about this because I have had
to sift through system logs when time was changing
in a bad ways. In my case an international company
complained that the time of day on our system was moving by hours
once in a while. They told me that the network was isolated
I showed them that it was not... It turns out that a dual boot PC
which kept TOD in local time for WindowZ but should have
kept it as UTS for the *nix environment was the problem.
The data link was just a single wire to a room to a satellite
dish to another little room to a big building full of machines
that should have been firewalled from any production site.
Yes, NTP is a better tool than the old timed tool....
They wanted subsecond or better accuracy and precision
but hardware clock oscillators were not good enough so
they allowed a network tool...
BTW they were on an island and "they thought" all was local.
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography