11 May
2016
11 May
'16
8:08 p.m.
On Wed, 11 May 2016 21:07:21 +0200, Florian Weimer said:
* Chris Adams:
First, out of the box, if you use the public pool servers (default config), you'll typically get 4 random (more or less) servers from the pool. There are a bunch, so Joe Random Hacker isn't going to have a high chance of guessing the servers your system is using.
A determined attacker will just run servers in the official pool.
Such attacks have allegedly been attempted against Tor by certain very well funded adversaries. Thus my statement that if you're seeing that scale attack on your time sources, the fact that your time source is being attacked is the *least* of your problems...