[ntp:questions] NTP packets with MACs longer than SHA1

Danny Mayer mayer at pdmconsulting.net
Tue Mar 12 17:24:52 UTC 2019

On 3/12/19 4:22 AM, Miroslav Lichvar wrote:
> On 2019-03-11, Nelson Bolyard <nbolyard at silverspringnet.com> wrote:
>> NTPv3 supported MD5 and SHA1 Message Authentication Code (MACs) of
>> length 16 and 20 bytes respectively.  RFC 5906 says that NTP V4
>> supports any MAC, but offers no advice about how to send MACs that are
>> longer than 20 bytes, such as SHA256 MACs.
>> Are longer MACs sent in their entirety?
>> Are they truncated to 20 bytes? or to 16 bytes?
> The digests are truncated to 20 bytes in order to follow RFC 7822.
Actually it says that they can be no longer than 24 unless otherwise
negotiated by client and server. See Section In the
introduction it says it can be 20 or 24 bytes.


More information about the questions mailing list