0

Long ago I attended a workshop about encryption. Nothing too deep, just basics. One thing the teacher mentioned was that it's very important for encryption devices to have the same time setting. They use it as a part of their handshaking. If time differs too much, they will not connect despite all the other parameters being correct.

Now I know that the encryption devices we use (government-manufactured devices for military encryption) use time this way. More than a minute off and they fail to connect.

Does this also apply to ordinary Wi-Fi routers that you buy at your local retailer?

1 Answer

2

WPA-Personal (PSK; single passphrase) does not use timestamps for anything at all.

WPA-Enterprise (EAP; username+password or username+certificate) typically uses TLS as part of the initial handshake. It relies on the time as much as TLS does in general (say, in HTTPS) – it doesn't enforce any particular maximum drift, but if the client's clock is off by days or months, then the EAP server's certificate may wrongly show up as expired or not-yet-valid.

Some other protocols used on the Internet do have stricter clock drift requirements, e.g. Kerberos insists on a maximum of ~10 min, and DNSSEC signatures usually last one week. SSH and IPsec don't have such requirements (except as far as certificate validity goes, same as TLS).
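An added illustration, not part of the answer above: the sketch below contrasts a certificate validity-window check (what EAP-TLS inherits from TLS) with a fixed maximum-skew check in the style the answer attributes to Kerberos. The certificate dates are constructed, the function names are hypothetical, and the 10-minute limit is simply the answer's figure.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed validity window, in the text format ssl.getpeercert() returns.
NOT_BEFORE = "Jan  1 00:00:00 2024 GMT"
NOT_AFTER = "Jan  1 00:00:00 2025 GMT"

def cert_status(not_before, not_after, client_clock):
    """Classify a certificate the way a TLS client's date check would."""
    start = ssl.cert_time_to_seconds(not_before)
    end = ssl.cert_time_to_seconds(not_after)
    now = client_clock.timestamp()
    if now < start:
        return "not-yet-valid"
    if now > end:
        return "expired"
    return "valid"

def drift_tolerance(not_before, not_after, true_time):
    """Return (max_slow, max_fast): how far the client clock may lag or lead
    true_time before the validity check starts failing."""
    start = ssl.cert_time_to_seconds(not_before)
    end = ssl.cert_time_to_seconds(not_after)
    t = true_time.timestamp()
    return timedelta(seconds=t - start), timedelta(seconds=end - t)

def fixed_skew_ok(client_clock, server_clock, max_skew):
    """Fixed-skew check: reject when the two clocks differ by more than max_skew."""
    return abs(client_clock - server_clock) <= max_skew

if __name__ == "__main__":
    # Constructed scenario: the server certificate was issued two hours ago.
    true_time = datetime(2024, 1, 1, 2, 0, tzinfo=timezone.utc)
    limit = timedelta(minutes=10)  # the answer's approximate Kerberos figure
    for drift in (timedelta(minutes=-30), timedelta(hours=-3), timedelta(days=400)):
        client = true_time + drift
        print(f"drift {drift}: cert {cert_status(NOT_BEFORE, NOT_AFTER, client)}, "
              f"fixed-skew ok: {fixed_skew_ok(client, true_time, limit)}")
    slow, fast = drift_tolerance(NOT_BEFORE, NOT_AFTER, true_time)
    print(f"client may be up to {slow} slow or {fast} fast")
```

The tolerance is asymmetric and depends on where the current time falls inside the validity window, so a freshly issued server certificate can be rejected by a client whose clock is only a few hours slow.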
