From owner-freebsd-questions@FreeBSD.ORG  Fri Mar 11 13:27:34 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 217AB16A4D5
	for <freebsd-questions@freebsd.org>;
	Fri, 11 Mar 2005 13:27:34 +0000 (GMT)
Received: from trans-warp.net (hyperion.trans-warp.net [216.37.208.37])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A452B43D1F
	for <freebsd-questions@freebsd.org>;
	Fri, 11 Mar 2005 13:27:33 +0000 (GMT)
	(envelope-from bsilver@chrononomicon.com)
Received: from [127.0.0.1] (unverified [65.193.73.208]) 
	by trans-warp.net (SurgeMail 2.2g3) with ESMTP id 15313 
	for <freebsd-questions@freebsd.org>; Fri, 11 Mar 2005 08:27:35 -0500
Mime-Version: 1.0 (Apple Message framework v619.2)
In-Reply-To: <1735368246.20050311044408@wanadoo.fr>
References: <751280160.20050311034539@wanadoo.fr>
	<20050311025906.GD72527@hub.freebsd.org>
	<1735368246.20050311044408@wanadoo.fr>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <56f756c499c68c62c6706fef0e896cb2@chrononomicon.com>
Content-Transfer-Encoding: 7bit
From: Bart Silverstrim <bsilver@chrononomicon.com>
Date: Fri, 11 Mar 2005 08:27:36 -0500
To: freebsd-questions@freebsd.org
X-Mailer: Apple Mail (2.619.2)
X-Server: High Performance Mail Server - http://surgemail.com
X-Authenticated-User: bsilver@chrononomicon.com 
Subject: Re: Clock slew vulnerability in FreeBSD?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2005 13:27:34 -0000


On Mar 10, 2005, at 10:44 PM, Anthony Atkielski wrote:

> Kris Kennaway writes:
>
>> Isn't this a non-problem if you use ntpd?
>
> Unfortunately, no, because the TCP stacks on most systems don't use the
> disciplined clock provided by NTP for the timestamps.  Instead they use
> a clock based directly on the RTC, which reveals a characteristic skew
> that is unique to each machine.
>
> If the stacks used the NTP-disciplined actual time of day, plus perhaps
> a randomizing factor to avoid revealing patterns, this technique would
> become useless.

Wouldn't the skew resolution necessary for this tracking technique 
become useless with temperature variations, humidity, etc. that can 
affect most systems over the course of the day/week/year?