IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [timestamp]

For questions relating to physical or digital timestamps, usually as part of a cryptographic protocol, logging, or auditing requirement. Please use the tag [time] for questions relating to system clocks.

Timestamps are used to denote the date and time at which an event occurred, typically as meta-data.

Their application to security ranges from modification times on files, to use of timestamps in cryptographic protocols to prevent replay attacks.

96 questions
1
vote
3 answers

Is it safe to include timestamps in error codes that are shown to the users?

If an error occurs, our web shop generates an error-code that is shown to the user. At the moment, it does not contain a time stamp but only the day of the month. That is non-intuitive but I assume the original intention was to give potential…
Philipp Claßen
  • 1,024
  • 1
  • 8
  • 15
1
vote
1 answer

Keeping signatures valid even after the private key has been compromised

If I understand the topic of digital signatures correctly, you sign a message via hashing+encrypting it using your private key. Then, if a private key is compromised by an attacker, she could sign stuff pretending she's you. This way, any…
Giuseppe Crinò
  • 113
  • 5
1
vote
1 answer

OpenTSA and PKCS11

We are planning to implement the time-stamping service (RFC 3161) using OpenTSA and we wanted to know: Does OpenTSA support PKCS #11 (Cryptoki) to talk to HSMs? BTW: I did not find documentation or much information on OpenTSA. It would be really…
java_enthu
  • 121
  • 6
1
vote
2 answers

Can I save & store a user's data in a way that proves that the information has not been altered, and that the timestamp is accurate?

There are many situations where the validity of the timestamp attached to a certain post (submission of information) might be invaluable for the post owner's legal usage. I'm not looking for a service to achieve this, as requested in this great…
user47733
1
vote
1 answer

Is long-term validity definitively corrupted upon TSA certificate revocation?

Suppose a document that was signed with a long-term signature (e.g. CAdES-A): D S T1 (D - document, S - signature, T1 - time-stamp created using a time-stamping certificate C1). If C1 appears in the TSA's CRL, is there a way or a time period (an…
xarx
  • 143
  • 5
1
vote
1 answer

Why is ICMP timestamping disabled on OS X?

It would seem like ICMP timestamping is quite a useful feature for troubleshooting networks with asymmetric paths. Replies to icmp(4) timestamp requests are generated by the kernel: On OpenBSD, the feature is controlled by sysctl…
cnst
  • 1,884
  • 2
  • 19
  • 30
1
vote
1 answer

Interaction of a Code Signature and a Timestamp token from a TSA

I'm currently in the process of writing a program that: Reads a binary file (a C++ program) and creates a SHA256 hash of the data (like a checksum) Use this calculated hash and a self signed CA certificate to create a CMS signature using the…
Xershy
  • 13
  • 2
1
vote
3 answers

Proving that a file existed at a time

How do I acquire the means to prove in the future that I had possission of a file now, without relying on the integrity of a single entity? (I believe one way of doing it would be to put the file through SHA1, and send a minimal amount of Ether…
Callaeschrus
  • 11
  • 2
1
vote
0 answers

What are the main constraints x9.95 imposes on RFC3161

So x9.95 seems to be a trusted timestamping scheme built on top of RFC3161. I couldn‘t find a good definition though how it differes or what additional constraints it imposes. Can someone list the (technical) constraints that a x9.95 system fulfills…
matthias_buehlmann
  • 565
  • 4
  • 12
1
vote
0 answers

Looking for an RFC5816 token that does not use default hashing algorithm

I'd like to test some code that should be compatible with both RFC5816 (https://www.ietf.org/rfc/rfc5816.txt) as well as RFC3161 tokens. The problem is that all timestamping services that I found so far which serve RFC5816 tokens (which use…
matthias_buehlmann
  • 565
  • 4
  • 12
1
vote
0 answers

How to store RFC3161 token for long term validation?

My question is about how to properly store RFC3161 tokens, so that their validity can be verified for a long time (aka "long term validation") Let's say I use an RFC3161 (https://www.ietf.org/rfc/rfc3161.txt) to timestamp data (not signatures in…
matthias_buehlmann
  • 565
  • 4
  • 12
1
vote
3 answers

Is it safe to assume that my computer's clock will always be synced with actual time within the second or a few seconds at the worst?

Years ago, I was running a service where the moderators were able to do various actions with massive privacy implications if the accounts or contributions were less than a short period of time. I did this by checking the timestamp against the…
Ned
  • 11
  • 1
1
vote
1 answer

Is it possible to verify that a signature was made prior to the content of the document it is found on?

In What to do after I signed a blank sheet of paper given to me by my manager?, a distressed individual (B) has signed a blank piece of paper and given it to an adversary (A). A has openly stated to B that her intention is to use this paper to…
Fiksdal
  • 3,076
  • 3
  • 18
  • 29
1
vote
0 answers

Is it possible that a usb drive manufactured 3 months ago can have data copied to it that shows the file last modified date before manufacturing date?

I have some data that needs to be handed to a friend. I don't want to give the original drive (drive-1), so I plan to purchase a drive (drive-copy) and copy data to it. The data copied will still show last modified date for files to be the original…
Joe Black
  • 111
  • 3
1
vote
2 answers

Is it possible to verifiably timestamp a video?

I am wondering if there is a way to timestamp a video. (e.g. Security camera footage) I know that there is a way to timestamp a document with a trusted time authority, and it will certainly be possible to cut the video, send it to a time authority…
user186505
1 2 3
4
5 6 7