sdwdate: Secure Distributed Web Date
sdwdate - Secure Distributed Web Date - in Whonix
sdwdate Documentation[edit]
Whonix specific[edit]
Whonix sets configuration option RANDOMIZE_TIME=true
through package anon-apps-config /etc/sdwdate.d/40_anon-apps-config.conf
RANDOMIZE_TIME=true
.
prerequisite knowledge: Timezone
Do sdwdate issues impact anonymity?[edit]
sdwdate failing doesn't mean deanonymized.
Even sdwdate does not work, there's still Boot Clock Randomization
To put it into perspective, Tor Browser Bundle on the host operating system (unrelated to Whonix) have neither sdwdate nor Boot Clock Randomization.
This is similar to asking "How secure is Whonix)?" See: Security Overview and Whonix Protection against Real World Attacks.
sdwdate-gui makes Tor issues in more visible due to its graphical indication and easily accessible logs. It would be an Unsubstantiated conclusion to deduct that sdwdate is the cause of Tor issues.
The time of sdwdate issues matters. If sdwdate fails
- A) during its first run after boot then that's worse than,
- B) sdwdate failing during any subsequent runs.
In case of A), the user would only be protected by Boot Clock Randomization .
In case of B), it is less of an issue because it is only for time keeping in long running VMs. For example, if sdwdate succeeded after boot but then would only succeed once per day in long running VMs that might still be good enough.
Planned sdwdate-gui enhancements include:
- Only showing sdwdate failure if sdwdate failed after boot and multiple times in long running VMs.
- Making Tor log output (
anon-log
) more accessible. This might help to redirect the often misplaced attention on sdwdate to Tor.
See Also[edit]
We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!