Can you take advantage of the security benefits of Boot Clock Randomization even when sdwdate is disabled?

Hello,

Can you take advantage of the security benefits of Boot Clock Randomization even when sdwdate is disabled?

Any help would be appreciated.

Yes, because these are completely separate packages.

This is a problem for 2FA based on TOTP unless the software runs its own independent clock; I don’t know of any that do that.

> This is a problem for 2FA based on TOTP unless the software runs its own independent clock; I don’t know of any that do that.

Interesting, are you referring to KeePass by any chance?
Why would this be an issue, since 30 seconds is still 30 seconds regardless of whether your clock is off?

In that case, you need to disable both: Boot Clock Randomization and sdwdate. In that case, you might be better off using an offline VM (“vault”).

I have a Debian installation without Kicksecure, but I notice that when I disable NTP services weeks later, the clock goes off by a few seconds; I notice this when the TOTP codes stop working.

Is this common? Well, that would explain why computers constantly synchronize their time.

Happens with any software if the time is not synchronized with the real time.

For example, if the time is one minute ahead or one minute behind, KeePass will not function correctly.

Not sure what your definition of “normal” is. :wink:

But to be expected: yes.
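Added example, not part of the thread and not code from Kicksecure or KeePass: a minimal RFC 6238 TOTP in Python showing how a client clock offset changes the generated code and when a verifier still accepts it. The secret and timestamps are RFC 6238 test values, the offsets are constructed, and the verifier's tolerance of one 30-second step either side is an assumption (services choose their own).

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1). The code is derived from absolute Unix time."""
    counter = unix_time // STEP  # number of 30 s steps since the epoch
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, server_time: int, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side (assumed policy)."""
    for drift in range(-window, window + 1):
        candidate = totp(secret, server_time + drift * STEP, len(code))
        if hmac.compare_digest(candidate, code):
            return True
    return False


def accepted_with_offset(secret: bytes, server_time: int,
                         client_offset: int, window: int = 1) -> bool:
    """Would a client whose clock is off by `client_offset` seconds be accepted?"""
    code = totp(secret, server_time + client_offset)
    return verify(secret, code, server_time, window)


# Constructed sample input: RFC 6238 test secret and one of its test timestamps.
SECRET = b"12345678901234567890"
SERVER_TIME = 1111111109  # one second before a step boundary

if __name__ == "__main__":
    for offset in (0, 2, 30, 60, -60, 180):
        code = totp(SECRET, SERVER_TIME + offset)
        ok = accepted_with_offset(SECRET, SERVER_TIME, offset)
        print(f"client offset {offset:+4d}s  code {code}  accepted={ok}")
```

Both sides count 30-second steps from the Unix epoch, so a client offset moves the client onto a different step than the verifier; only the verifier's tolerance window absorbs that.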