[ntp:questions] NTP packets with MACs longer than SHA1

Miroslav Lichvar mlichvar at redhat.com
Tue Mar 12 08:22:25 UTC 2019

On 2019-03-11, Nelson Bolyard <nbolyard at silverspringnet.com> wrote:
> NTPv3 supported MD5 and SHA1 Message Authentication Code (MACs) of
> length 16 and 20 bytes respectively.  RFC 5906 says that NTP V4
> supports any MAC, but offers no advice about how to send MACs that are
> longer than 20 bytes, such as SHA256 MACs.
> Are longer MACs sent in their entirety?
> Are they truncated to 20 bytes? or to 16 bytes?

The digests are truncated to 20 bytes in order to follow RFC 7822.

Miroslav Lichvar

More information about the questions mailing list