On 02/04/2018 at 17:00, Teddy Hogeborn wrote:
> So we'll do it the hard way, by
> setting the system clock, like you did.

I've just discovered a security issue with setting the date in the future:

I have 2 Pis, serving both as a client and a server for each other.

When I reboot one, the date is incorrect, and its mandos server fires up
BEFORE the date is actually corrected by NTP.

During this time, mandos-monitor displays a HUGE validity period for its
clients (somehow calculated from the last ping but that's weird) and I
assume it would then happily give the key to a client who has been
offline for longer than authorized - turn on both machines, boot them
anytime together, and they will happily give the key to each other.

Of course this behaviour would permit defeating the whole system for
servers without a properly set RTC.

I think that some test should be added to the server to temporarily
"freeze" sending keys to a client whose "last ping" is either in the
future or in a remote past, or if the system date is somewhere in
1970... Or maybe too far away from the last recorded activity...

It also raises the issue of "Mallory" playing with RTC settings in BIOS,
or powering up a set of machines on a LAN with a rogue ntp server...

ॐ

-- 
Michel Bouissou <mic...@bouissou.net> OpenPGP ID 0xEB04D09C
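
The sanity test proposed in the message above, sketched as an added example (not part of the original message and not Mandos code). The function names, thresholds and sample timestamps are assumptions constructed for illustration; it compares an unguarded timeout check with one that freezes key release while the clock is implausible.

```python
from datetime import datetime, timedelta, timezone

# Assumptions (not Mandos settings): a date the clock can never legitimately
# precede, slack for small clock steps, and the longest plausible silence.
CLOCK_FLOOR = datetime(2018, 1, 1, tzinfo=timezone.utc)
FUTURE_SLACK = timedelta(seconds=30)
MAX_PLAUSIBLE_GAP = timedelta(days=30)


def naive_is_valid(now, last_ping, timeout):
    """Unguarded check: a clock behind last_ping gives a negative age."""
    return now - last_ping <= timeout


def key_release_decision(now, last_ping, timeout):
    """Return 'release', 'deny' or 'freeze' (clock not trustworthy yet)."""
    if now < CLOCK_FLOOR:
        return "freeze"            # system date somewhere around 1970
    if last_ping > now + FUTURE_SLACK:
        return "freeze"            # last ping lies in the future
    age = now - last_ping
    if age > MAX_PLAUSIBLE_GAP:
        return "freeze"            # too far from last recorded activity
    return "release" if age <= timeout else "deny"


def demo():
    """Run constructed boot scenarios; returns {name: (naive, guarded)}."""
    utc = timezone.utc
    last_ping = datetime(2018, 4, 2, 12, 0, tzinfo=utc)   # constructed value
    timeout = timedelta(minutes=5)
    scenarios = {
        "clock at epoch": datetime(1970, 1, 1, 0, 0, 30, tzinfo=utc),
        "clock stale": datetime(2018, 3, 20, 8, 0, tzinfo=utc),
        "clock jumped ahead": last_ping + timedelta(days=400),
        "normal, recent ping": last_ping + timedelta(minutes=2),
        "normal, timed out": last_ping + timedelta(minutes=10),
    }
    return {name: (naive_is_valid(now, last_ping, timeout),
                   key_release_decision(now, last_ping, timeout))
            for name, now in scenarios.items()}


if __name__ == "__main__":
    for name, (naive, guarded) in demo().items():
        print(f"{name:22} naive={naive!s:5} guarded={guarded}")
```

In the first two scenarios the unguarded check still treats the client as valid because the computed age is negative, which is the case the guarded version freezes on.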
