[ntp:hackers] Protocol specification modification for MS-SNTP

Andrew Bartlett abartlet at samba.org
Tue Jul 7 00:52:23 UTC 2009


On Mon, 2009-07-06 at 22:13 +0000, Dave Hart wrote:

> It would be preferable to me if we can manage to support both Autokey
> and Samba signing at the same time.  I think the only concession
> needed is breaking every 2^128th autokey and MD5 signature where the
> hash happens to be all zeroes.  

Aren't the odds that the universe would die a heat-death before this
occurs?  

> With care, even that should be
> avoidable if we treat a correctly-validated all-zeroes signature
> differently from one where our computed digest differs.

I suppose the real question is: will the autokey client retry with a
different signature after a short time? 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.ntp.org/pipermail/hackers/attachments/20090707/70d7a0b7/attachment.bin 


More information about the hackers mailing list