Re: [Tails-dev] [tor-talk] secure and simple network time (…

Delete this message

Reply to this message
Author: Elly Jones
Date:  
To: tor-talk
CC: The Tails public development discussion list
Subject: Re: [Tails-dev] [tor-talk] secure and simple network time (hack)
On Fri, Apr 12, 2013 at 02:43:13PM +0300, Maxim Kammerer wrote:
> On Fri, Jul 20, 2012 at 3:07 AM, Jacob Appelbaum <jacob@???> wrote:
> > Allow me to be very explicit: it is harder to parse an HTTP Date header
> > than properly than casting a 32bit integer and flipping their order. The
> > attack surface is very small and easy to audit.
>
> Just discovered that tlsdated in tlsdate-0.0.6 is dying with a
> segmentation fault after a while. Not surprised after seeing the code
> — my experimentation with this gimmick is finally over. Turns out that
> “throw something together and wait for patches” is not a sound
> development approach.


Did you get a stack trace?

Also, yes, tlsdated is not very well-written. I wrote it in a great hurry and
now don't really have time to undo the worst of the hacks :(. Patches gratefully
accepted.

-- elly