[ntp:questions] Secure NTP

Steve Kostecke kostecke at ntp.org
Fri Mar 25 18:06:44 UTC 2011

On 2011-03-25, Chris Albertson <albertson.chris at gmail.com> wrote:
>> NTP Authentication adds signatures to the packets. There is no
>> encryption.
> What are "signatures"?

Message Authenticator Code (MAC)

> How are they generated?

Search for 'hash' in:


> Signatures are typically encrypted hashes of the message.

See section 4 (which starts on page 10).

"NTPv3 and NTPv4 symmetric key cryptography uses keyed-MD5 message
digests with a 128- bit private key and 32-bit key ID. In order to
retain backward compatibility with NTPv3, the NTPv4 key ID space is
partitioned in two subspaces at a pivot point of 65536. Symmetric key
IDs have values less than the pivot and indefinite lifetime. Autokey key
IDs have pseudo-random values equal to or greater than the pivot and
are expunged immediately after use. Both symmetric key and public key
cryptography authenticate as shown in Figure 1. The server looks up the
key associated with the key ID and calculates the message digest from
the NTP header and extension fields together with the key value. The key
ID and digest form the message authentication code (MAC) included with
the message. The client does the same computation using its local copy
of the key and compares the result with the digest in the MAC. If the
values agree, the message is assumed authentic."

Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/

More information about the questions mailing list