IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [timestamp]

For questions relating to physical or digital timestamps, usually as part of a cryptographic protocol, logging, or auditing requirement. Please use the tag [time] for questions relating to system clocks.

Timestamps are used to denote the date and time at which an event occurred, typically as meta-data.

Their application to security ranges from modification times on files, to use of timestamps in cryptographic protocols to prevent replay attacks.

96 questions
3
votes
1 answer

When would a Authenticode signature expire?

I'm curious about how Windows check the Authenticode signature. For example, I would sign test.exe I know that if test.exe doesn't have a TS (timestamp) signature from a TSA (Timestamp Authority), the signature would expire after the…
Jemmy1228
  • 195
  • 1
  • 6
3
votes
2 answers

Can a time stamp protect a signature with the obsolete SHA1?

I am trying to figure out the scope of SHA1 deprecation for existent signatures. Reading this.An attacker (after 110 years) could present a fake document for a valid signature I believe this only affect to integrity between signature and document …
pedrofb
  • 270
  • 1
  • 9
3
votes
1 answer

Is RFC 3161 necessary?

As I've been implementing RFC 3161 software components, I got to thinking about running my own TSA and how one really proves the integrity of a time stamp (preferably without violating patents). I researched and considered all of the technical…
Chris
  • 31
  • 1
3
votes
1 answer

SHA-256 Timestamp not recognized in windows 7 when dual signed

I wanted to dual sign my exe so that the XP and Vista users can use the software. But when i dual sign the exe with SHA1 and SHA256 timestamps, In windows7 only 1 timestamp is shown. To dual sign I used signtool of windows sdk 8.1 and my…
IT researcher
  • 143
  • 1
  • 4
3
votes
0 answers

Is there a cryptographically secure way to verify the date of a process?

I have a few git repositories of content that will be updated constantly over the next decade. At some point down the road I anticipate being asked to prove that the content was actually in the state I claim it was based on the commit history. In…
Caleb
  • 1,334
  • 11
  • 20
3
votes
2 answers

Could I use a TimeStamp also as IV?

For an academic application, I use AES-GCM to encrypt my frames between 2 parties. To enhance security, and reduce the possibility of replay, I'd like to use a TimeStamp in my frame exchanges. But, as I use the GCM mode, I need to tranmsit the…
3isenHeim
  • 313
  • 1
  • 13
3
votes
5 answers

Proving an action was done at an exact time - a posteriori

I was thinking about the way git allows to edit the timestamp on commits, and how you can rewrite (public) history that way. I then drifted from that to "can we prove someone did an action at time X a posteriori? " to prevent these rewrites. And…
Jiby
  • 143
  • 5
2
votes
1 answer

Is a Fernet token's timestamp a security risk?

A Fernet token has the following format: Version ‖ Timestamp ‖ IV ‖ Ciphertext ‖ HMAC As the above shows, the timestamp is not part of the ciphertext, so anyone can read the time the token was made. In a live stream of data this may not be a…
matsjoyce
  • 125
  • 7
2
votes
1 answer

Is code-signing with a non-ssl timestamp unsafe?

Assuming your code-signing tool is secure (e.g., does not suffer from buffer overflow exploits and the like), is there any reason to be concerned if a time-stamping service is not running over SSL? Obviously, a MITM attack could do slightly annoying…
Brian
  • 932
  • 5
  • 17
2
votes
1 answer

Expiring Decryption Key

So, I'm just a programmer -- I don't know much about cryptography so bare with me and my lack of knowledge in this realm. But essentially, I'm wanting to cache data that could be potentially volatile ( ie -- change or delete over time ). One…
Full Metal
  • 55
  • 1
  • 5
2
votes
0 answers

Should I re-timestamp old timestamps when switching to a stronger algorithm?

One of our clients uses a trusted timestamp service to prove that certain documents existed on the day they were created (they don't need a full digital signature, just the timestamp). The server uses OpenSSL to create a timestamp query, receives a…
Botond Balázs
  • 121
  • 4
2
votes
3 answers

How to capture not only the mtime but also the ctime when making forensic copies of files?

Context I'm investigating a compromised Linux box where I found files with malicious code. The file system is too big to just make a copy of the whole block device and so far I'm only interested in the files of a not so big sub-directory. While the…
Axel Beckert
  • 175
  • 9
2
votes
1 answer

Signature and Timestamp for Long Term Document Archival Question

I have a PDF document intended for long-term (many years, maybe decades) archival which I would like to digitally sign with my personal certificate to ensure its integrity. As far as I understand, I need to timestamp the signature in order to ensure…
Petr
  • 121
  • 1
2
votes
4 answers

How to extract TSA certificate from tst file?

I have several timestamp token files that I think should have TSA certificates embedded within them because the "Request TSA certificate" option was selected when I requested them with TimeStampClient. Now I want to verify them with openssl with a…
user273084
  • 247
  • 3
  • 7
2
votes
1 answer

Reliability of scanning tools on icmp timestamp responses

A security auditor has done a vulnerability scan of our network and found that one of our server has returned an TCP timestamp response such that the scanner (Nmap) is able to guess the uptime of the server. Does this constitute a real threat and…
Pang Ser Lark
  • 1,929
  • 2
  • 16
  • 26
1 2
3
4 5 6 7