Page MenuHomePhabricator
Create Task
Maniphest T458

research if there are further local clock leaks on Whonix-Gateway
Open, NormalPublic
Actions

Description

Quite a few local clock leaks in upstream projects have been identified and reported.

I think, there might be others. This is because I was involved in reporting some of these local clock leaks. They were only fixed, because by chance I happened to read historic Tor trac development discussions, and then using logic to draw the right conclusions, then reported bugs. I didn't read the related source codes nor checked with a traffic analyzer that there are no other local clock leaks. And I find it very likely, that no one else ever did that either, because these issues remained unnoticed for years.

[1] I remember having read a thread about apt-get. It was mentioned, that it leaks the language to remote servers. Perhaps also installed packages. Among other stuff. Possibly also local clock? Would be good to have a list of these leaks.

TODO

  • 1) ask TPO to think through if there are any further local clock leaks -> check Tor for local clock leaks
  • 2) research leaks by apt-get [1]
  • 3) figure out, and check using a tshark or wireshark regex that searches for timestamps

Details

Impact
Normal

Related Objects
Search...

Event Timeline

Patrick created this task.Dec 21 2015, 11:30 AM
Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added projects: security, research.
Patrick set Impact to Normal.
Patrick added subscribers: Patrick, HulaHoop.
Herald added a project: Whonix. · View Herald TranscriptDec 21 2015, 11:30 AM
Herald added a subscriber: WhonixQubes. · View Herald Transcript
Patrick mentioned this in T385: New Proposal for Seamless Time-sync after Suspend-Resume.Dec 21 2015, 11:46 AM
Patrick added a parent task: T385: New Proposal for Seamless Time-sync after Suspend-Resume.Dec 21 2015, 11:47 AM
Patrick updated the task description. (Show Details)Dec 21 2015, 11:53 AM
HulaHoop added a comment.Dec 21 2015, 9:53 PM

Are the instructions similar to the leaktests I ran before? How can I get started on this?

Patrick added a comment.Dec 21 2015, 11:13 PM

I don't think there are any existing information. This requires original
research.

HulaHoop added a comment.Dec 22 2015, 12:29 AM

Apt is http with all that would mean. From research on http 1.1 only the server supports timestamp requests from the client nothing in the other direction. That makes sense or else a website can be able to know a workstation's time from an sdwdate query.

5034705359 added a subscriber: 5034705359.Sep 6 2016, 2:18 AM
Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer