[ntp:hackers] SHA1 for symmetric keys?

brian utterback brian.utterback at oracle.com
Fri Dec 11 02:07:49 UTC 2015

Trying to track down the problem I went searching for the error message
in the code, but couldn't find it. I did my original testing with a
virtual machine which unfortunately been destroyed, so I created a new
one. And now it works, with the exact same ntp.keys file and what I
thought was the same rev of ntpd.

So, here is a question, how difficult would it be to disable MD5 auth?
How about not building with MD5 but still use SHA-1? I have a mandate to
not use or even build with MD5 if feasible. If MD5 isn't used, would
ntpq still be usable?

On 12/10/2015 1:32 PM, Hal Murray wrote:
> brian.utterback at oracle.com said:
>> That isn't it. I already build with OpenSSL enabled. I didn't explicitly set
>> "--with-crypto", but the config.log file has this:
>> configure:33777: checking if we will use crypto configure:33779: result: yes
>> And running ntp-keygen creates the file with the SHA1 keys just fine. But
>> ntpd won't accept them.
> I just built with and without --with-crypto and the config.h files are 
> identical.
> You may have to debug it the hard way.  It does work for me with 4.3.88 on 
> Debian.

Oracle <http://www.oracle.com>
Brian Utterback | Principle Software Engineer
Phone: +1 6038973049 <tel:+1%206038973049>
Oracle Systems/RPE Solaris Network
1 Oracle Dr. | Nashua, NH 03062
All working systems eventually start to exhibit their own agenda
Green Oracle <http://www.oracle.com/commitment> Oracle is committed to
developing practices and products that help protect the environment

More information about the hackers mailing list