Whonix Wiki Download Docs News Support Tips Issues Contribute DONATE

sdwdate way of verifying the time source accuracy

I am interested in sdwdate way of verifying the time source accuracy, for example does it fetch multiple sources at same time despite one successfully returning time in order to verify that the source is not malicious ?

sdwdate only connects to Tor onion services, which are encrypted by default and do not rely on SSL certificate authorities (CAs). Three different pools are used for time sources so that if too many connections fail for any given pool, [8] the pool is considered as potentially compromised and sdwdate aborts.

sdwdate uses the median time (not average) fetch result.

In basic terms, sdwdate picks three random servers - one from each pool - and then builds the mediate (middle position) of the three advertised dates.