Renewing expiring key - done correctly?
Robert J. Hansen
rjh at sixdemonbag.org
Thu Dec 5 04:04:44 CET 2013
On 12/4/2013 6:13 PM, Leo Gaspard wrote:
> So you could only delay the expiration date by 15 min... So useful ?
Sure. I can think of three ways to leverage a 15-minute maximum shift
into dialing the clock back to whenever I want. I'm sure if I were to
spend more time thinking I could find more ways. Spend some time
considering the problem: it's a fun thought experiment and will help
sharpen your skill at thinking like an attacker.
NTP is not, and was never meant to be, secure against a malicious
adversary. It's resistant against random failures, but an attacker is
going to induce conditions that are very far from random.
More information about the Gnupg-users
mailing list