[ntp:hackers] SHA1 for symmetric keys?
hmurray at megapathdsl.net
Thu Dec 10 07:11:27 UTC 2015
brian.utterback at oracle.com said:
> Does ntpd support SHA1 for symmetric keys? Looking at the docs it suggests
> that the ntp.keys file should be generated with ntp-keygen rather than by
> manual editing. Running ntp-keygen creates a file with both MD5 and SHA1
> keys, but when I try to use them ntpd says "invalid key type" for all of the
> SHA1 keys. Not to mention I never heard anyone say not to edit the ntp.keys
> file by hand. Am I misunderstanding the whole thing?
I don't know of any reason why you can't edit your keys file by hand. (There
are plenty of ways to screw it up, but that's a different issue.)
SHA1symmetric keys do work, but it requires a library. I have a test case
working after configuring with --with-crypto
If you don't have the library available when you build ntp-keygen, it won't
make any SHA1 keys. If it does make SHA1 keys, the library is installed on
your system and I think all you have to do is find the right options when
configuring to make ntpd.
These are my opinions. I hate spam.
More information about the hackers