[ntp:questions] NTP Support SHA2 or not

Miroslav Lichvar mlichvar at redhat.com
Mon Oct 15 11:48:37 UTC 2018


On Sat, Oct 13, 2018 at 10:19:44PM -0400, Danny Mayer wrote:
> Sorry for the delay in responding. No, it doesn't work right now. I did
> test this out several years ago but the problem with SHA2 is the length
> of the resultant hash. There's no problem creating and sending such a
> MAC but the other side needs to be changed to be able to properly handle
> the resulting MAC. There are plans to change the code to properly deal
> with this and other types of hashing algorithms.

I think that may already have been implemented. Recent ntp versions
seem to truncate long MACs to 160 bits, so it should work with any
hash function supported by openssl. However, ntp-4.2.6p5-28.el7 from
RHEL/CentOS doesn't support it.

> 
> Danny
> 
> On 10/8/18 2:29 AM, Sharma12, Sachin wrote:
> > Hi,
> >
> > We are using ntp-4.2.6p5-28.el7. Please let us know whether NTP supports SHA2 with FIPS enabled and disabled.
> >
> > If not, then please let us know when NTP will support SHA2 in a future release.

-- 
Miroslav Lichvar
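
The MAC length problem and the 160-bit truncation discussed in this thread, as an added example that is not part of the original message and is not ntp's own code. It assumes the symmetric-key MAC is a 4-byte key ID followed by digest(key || packet), and that a receiver without the change accepts only a 20- or 24-byte trailer; the key, key ID and packet are constructed sample values.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTP header, no extension fields
MAX_DIGEST_LEN = 20   # 160 bits, the truncation length mentioned in the reply
LEGACY_MAC_LENS = (20, 24)  # assumption: key ID + MD5 (16) or + SHA-1 (20)

def ntp_mac(key_id, key, packet, algo, truncate=True):
    """Key ID (4 bytes, network order) followed by digest(key || packet)."""
    digest = hashlib.new(algo, key + packet).digest()
    if truncate:
        digest = digest[:MAX_DIGEST_LEN]
    return struct.pack("!I", key_id) + digest

def verify(datagram, keys, algo):
    """Receiver side: split off the trailer, recompute, compare."""
    packet, mac = datagram[:NTP_HEADER_LEN], datagram[NTP_HEADER_LEN:]
    if len(mac) not in LEGACY_MAC_LENS:
        return False          # e.g. 4 + 32 bytes from untruncated SHA-256
    key_id = struct.unpack("!I", mac[:4])[0]
    key = keys.get(key_id)
    if key is None:
        return False
    return hmac.compare_digest(mac, ntp_mac(key_id, key, packet, algo))

# Constructed sample data: client-mode header (LI=0, VN=4, mode=3) and a demo key.
PACKET = bytes([0x23]) + bytes(NTP_HEADER_LEN - 1)
KEYS = {10: b"constructed-demo-key"}

def demo(algo="sha256"):
    full = ntp_mac(10, KEYS[10], PACKET, algo, truncate=False)
    short = ntp_mac(10, KEYS[10], PACKET, algo)
    return {
        "full_len": len(full),
        "short_len": len(short),
        "full_ok": verify(PACKET + full, KEYS, algo),
        "short_ok": verify(PACKET + short, KEYS, algo),
    }

if __name__ == "__main__":
    print(demo())
```

Both peers must truncate the same way for the comparison to succeed, which is why a sender that supports SHA2 still fails against a receiver that does not.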

