lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: 3APA3A at SECURITY.NNOV.RU (3APA3A)
Subject: Security aspects of time synchronization infrastructure

Dear 3APA3A,

--Friday, August 20, 2004, 10:21:51 AM, you wrote to mvp@...ware.net:


3> Before  Windows  2000 SP4 it was possible to set date far in future (for
3> example  to  2038). Locked accounts, expired certificates in addition to
3> "problem  2038"  (Jan,  19  2038 is maximum date value for 32 bit time_t
3> timestamp used in many C compilers). But setting date 12 hours in future
3> or 12 hours in past still can produce a lot of harm.

 Minor correction: because SNTP uses different timestamp format it's not
 possible to set date behind 2036. But it's not so important.

-- 
~/ZARAZA
???????? ????? ??? ???????????? ?????? - ???????.
?? ????? ???????, ?????? ???????????.  (???)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ