IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [timestamp]

For questions relating to physical or digital timestamps, usually as part of a cryptographic protocol, logging, or auditing requirement. Please use the tag [time] for questions relating to system clocks.

Timestamps are used to denote the date and time at which an event occurred, typically as meta-data.

Their application to security ranges from modification times on files, to use of timestamps in cryptographic protocols to prevent replay attacks.

96 questions
39
votes
2 answers

How to prove that a file was not created in advance

Sometimes we need to prove that a file was not created in advance - a good example is warrant canaries. The person releasing them may have been forced to sign the file with a future timestamp. For example, AutoCanary uses recent news headlines which…
Samuel Shifterovich
  • 876
  • 9
  • 18
38
votes
9 answers

How to prove a picture was taken before a certain date?

I need to prove that all my pictures were taken before a certain date. Is uploading them to Picassa, Flickr or a similar service a good way to achieve such timestamping?
nadia
  • 413
  • 1
  • 4
  • 3
17
votes
3 answers

Pros and cons of disabling TCP timestamps

So, lynis informs me that I should unset net.ipv4.tcp_timestamps. I know that's a bad thing because an attacker could figure out which updates that require restarting the machine I haven't applied, or they could use it to figure out my update…
Parthian Shot
  • 861
  • 2
  • 10
  • 18
14
votes
6 answers

What is the most credible timestamp I can create for a digital file?

Is it possible to create a timestamp that is so hard to fake, that it could be used as proof or simply strong evidence in a court of law, that something was not created after a certain point in time? The file could be anything; a word document, an…
Dom
  • 300
  • 1
  • 2
  • 9
12
votes
2 answers

TLS reliance on System Time

I'm interested to know if there is any reliance on system time (as defined by Linux or windows) when initiating a secure handshake. I'm aware that TCP typically uses a random number (RFC 1323) to provide a time stamp for message ordering, however…
Nark
  • 539
  • 1
  • 5
  • 15
12
votes
1 answer

What is the purpose of JSON Web Token (JWS)'s issued at "iat" field?

RFC 7519 specifies an optional "iat" field, indicating when a token was issued. The RFC provides a terse commentary: This claim can be used to determine the age of the JWT. What is the purpose of the "iat" field? For example, why would one want to…
jtpereyda
  • 1,430
  • 2
  • 16
  • 26
9
votes
3 answers

On-line cryptographically signed date/time?

I’m looking for a source of on-line cryptographically signed date/time. I do not need a full timestamp service, as I am happy with the information « date/time was that », without a link to a challenge/hash that I provide. I do not care if an active…
fgrieu
  • 1,072
  • 7
  • 19
9
votes
4 answers

What good, standard digital signature / timestamp verification clients are widely or easily deployed?

I'm looking for a good way to publish data along with a digital signature (and ideally a timestamp) which is as easy as possible to verify via software run locally on public data. For example, imagine an election administrator who wants to publish…
nealmcb
  • 20,544
  • 6
  • 69
  • 116
8
votes
2 answers

How do systems protect against a stolen code-signing certificate after the certificate expires?

Imagine this scenario: 1st December 2014 - a certificate is stolen and used to sign malware with 2014-12-01 timestamp. 15th December 2014 - the certificate is revoked. Malware will be prevented from running by systems that check CRLs. 31st December…
micro-maureen
  • 83
  • 1
  • 5
6
votes
2 answers

What are the real-time applications of long term digital signature with timestamp

I want to know the real time applications that uses digital signatures with timestamps. Specially I am interested to know the applications where we can trust an old signed document which is now expired.
Naveen Kumar
  • 61
  • 1
  • 2
6
votes
1 answer

Mitigate Time Spoofing Attack

Say Alice receives synchronized time from Tina the timekeeper. Say Ted spoofs a GPS signal, fooling Tina about the current time. Tina sends this fake time to Alice. What can Alice do to avoid being too seriously fooled? Are there implementations…
jtpereyda
  • 1,430
  • 2
  • 16
  • 26
5
votes
1 answer

Random padding in hash functions

In this answer, it was recommended that you add random padding when hashing messages for a trusted timestamp, such as for predictions, in order to avoid dictionary and brute force attacks (at least when the message itself doesn’t have much entropy,…
Daniel H
  • 153
  • 4
5
votes
1 answer

How is an Authenticode timestamp verified?

For an Authenticode signed file to be verifiable by Windows after the original signing certificate has expired (typically 1-3 years after issue), the file also needs to have a cryptographically signed timestamp that Windows can verify. There are a…
Michael
  • 2,118
  • 15
  • 26
5
votes
1 answer

Trusted Timestamping Scope and Real-World Uses

What security assurances does Trusted Timestamping based on Cryotography provide? What are the real-world uses of Trusted Timestamping?
Chris Smith
  • 153
  • 2
5
votes
0 answers

What's the merit of storing LTV (long term validation) information for RFC3161 tokens and what happens if a TSA private key would leak?

I'll formulate my question in regards to timestamped PDF, but I wonder actually about the long term validation of RFC3161 tokens in general. So, PAdES has the concept of Long Term Validation, which means (correct me if I'm wrong), that a document…
matthias_buehlmann
  • 565
  • 4
  • 12
1
2 3 4 5 6 7