[ntp:hackers] Using authentication

Brian Utterback brian.utterback at oracle.com
Thu Nov 5 13:45:29 UTC 2015


I would like to understand the current state of affairs regarding 
setting up authentication in NTP. My understanding is that there is a 
CVE that was recently published that calls out a vulnerability called 
"small step/big step", which the next release of NTP will address. 
However, the change doesn't actually fix the problem it just makes the 
window of opportunity smaller. The only real fix is to use authentication.

So, the thing is, most people don't authenticate NTP. I'd like to 
understand why and discuss what we can do about it. Any ideas? Didn't we 
even talk recently about removing autokey?
-- 
Oracle <http://www.oracle.com>
Brian Utterback | Principal Software Engineer
Phone: +1 6038973049 <tel:+1%206038973049>
Oracle Systems/RPE Solaris Network
1 Oracle Dr. | Nashua, NH 03062
------------------------------------------------------------------------
All working systems eventually show their own agendas.
------------------------------------------------------------------------
Green Oracle <http://www.oracle.com/commitment> Oracle is committed to 
developing practices and products that help protect the environment


More information about the hackers mailing list