Interesting bug - apparently ntpd only cares about the 32 lowest bits of your system time. But your system stores more than 32 bits of time: https://rachelbythebay.com/w/2017/09/27/2153/
Edit: good going Discourse, de-capitalized the thread from NTP to Ntp.
This thread reminded me of this video about the fact that devs often trust your system time when they shouldn’t. Especially because the most widely adopted forms of NTP (NTPv1 and NTPv2) have no authentication methods. NTPv3 has a symmetric key crypto scheme to authenticate that there was no MitM or other tomfoolery. Sadly, however, NTPv3 isn’t widely adopted, but that doesn’t matter because even if it were, the newest NTP version requires that the keys be shared ‘out of band’. Which is excellent because NIST offers to help you with this by transmitting your symmetric keys IN A GODDAMN ENVELOPE. (Seriously, the video is entertaining.)
Perhaps one of the only interesting things to say about NTP, other than like an in-depth how-to on setting it up.
A well-configured NTP daemon, even without any crypto, is pretty resilient to meaningful attacks. You point it at 3-5 disparate time servers. Someone would have to compromise the majority of THEM to attack you, and even then could only push your time slowly away from real time.
Or, you’d have to control the network enough to redirect the NTP requests to compromised servers.
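An added illustration of the majority point in the post above (not written by anyone in this thread, and not ntpd's code): a simplified Marzullo-style interval intersection, the idea that NTP source selection derives from. Server names, offsets and error bounds are constructed sample values.

```python
# Simplified Marzullo-style selection; not ntpd's implementation.
# All server names and numbers below are constructed sample values.

def marzullo(intervals):
    """Return (count, lo, hi): the largest number of intervals sharing a
    common region, and that region's bounds."""
    edges = []
    for lo, hi in intervals:
        edges.append((lo, -1))   # interval opens
        edges.append((hi, +1))   # interval closes
    edges.sort()                 # on a tie, opens sort before closes
    best = count = 0
    best_lo = best_hi = None
    for i, (t, kind) in enumerate(edges):
        count -= kind
        if count > best:
            best, best_lo, best_hi = count, t, edges[i + 1][0]
    return best, best_lo, best_hi

def select(samples):
    """samples: {server: (offset_ms, error_bound_ms)}.
    Returns (truechimers, agreed_offset_ms), or None when no strict
    majority of servers agree."""
    spans = {s: (off - err, off + err) for s, (off, err) in samples.items()}
    count, lo, hi = marzullo(list(spans.values()))
    if count * 2 <= len(samples):
        return None
    chimers = sorted(s for s, (a, b) in spans.items() if a <= lo and b >= hi)
    return chimers, (lo + hi) / 2

honest = {"a": (2, 10), "b": (-3, 12), "c": (1, 8)}
# One of four servers reports a clock 5 s ahead: it is outvoted.
one_bad = {**honest, "d": (5000, 15)}
# Three of four agree on the wrong time: the honest server is outvoted.
three_bad = {"a": (2, 10), "b": (5000, 12), "c": (5001, 8), "d": (4999, 15)}
# Two against two: no majority, so no offset is accepted at all.
split = {"a": (2, 10), "b": (-3, 12), "c": (5000, 8), "d": (5001, 15)}

if __name__ == "__main__":
    for name, case in [("one_bad", one_bad), ("three_bad", three_bad),
                       ("split", split)]:
        print(name, select(case))
```
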
PTP is what all the cool kids are using. Unless it’s production servers, there’s no reason to do this.
Not true at all. No need to compromise any disparate time servers. Because NTP itself was written in a time before secure communication was really a concern, it just casually throws its traffic in plain text across wires. Owning any hop between your host and those time servers is enough to casually alter on the fly any and all NTP traffic.
Owning one of those hops is itself an unlikely proposition, and even if it were to occur you still can’t push the time too much. Over time you can skew a clock, but you can’t just set a different time. ntpd will just crash if the time is too far off, and a human will then have to investigate.
Honestly I have no idea. Going from OSI exactly bits are going over that cable but what form those bits take is beyond me. Probably like a voltage differential. Point I’m making is unencrypted is unencrypted. If you know the protocol you can read and modify the traffic.
The European Commission will recommend that EU member states abandon the practice of changing the clocks in spring and autumn, with many people in favour of staying on summer time throughout the year.