[ntp:hackers] SHA1 for symmetric keys?

Miroslav Lichvar mlichvar at redhat.com
Mon Dec 14 09:53:38 UTC 2015


On Thu, Dec 10, 2015 at 06:04:56PM +0000, Greg Dowd wrote:
> Autokey makes the Mac one time if anyone is worried.

So do timestamps contained in the packet. But that doesn't really
matter if Autokey allows a MITM attacker to masquerade as the client
to the server and as the server to the client. It doesn't even protect
against off-path DoS attacks on symmetric associations, so it seems to
me currently the only use for Autokey is distribution of the TAI-UTC
offset.

-- 
Miroslav Lichvar


More information about the hackers mailing list