[ntp:questions] Weak Security algorithms used in NTP Autokey protocol
stenn at ntp.org
Thu Mar 24 07:40:48 UTC 2016
Danny Mayer writes:
> On 3/21/2016 12:11 PM, Joe Smithian wrote:
> > Hi All,
> > I am surprised that NTP still supports insecure algorithms such as MD2, MD5
> > and small key sizes 256,512,1024 in the Autokey authentication! Any plan
> > to deprecate weak algorithms and add more secure algorithms such as SHA-2
> > and SHA-3?
> Yes, although autokey is going to be replaced by NTS. The code needs to
> be upgraded so that it can figure out whether or not it has a MAC and if
> so how big it is.
For the original MAC, that's not really a big deal, Danny. For the new
MAC-EF or for Last-EF it becomes a non-issue.
> > Below is a list of supported keys and algorithms in ntp-keygen version
> > 4.2.8p6
> > ntp-keygen(8) - Linux man page
> > Name
> > ntp-keygen - generate public and private keys
> > Synopsis
> > ntp-keygen [ -deGgHIMPT ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 |
> > RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ -i name ] [
> > -m modulus ] [ -p password ] [ -q password ] [ -S [ RSA | DSA ] ] [
> > -s name ] [ -vnkeys ] [ -V params ]
> We should aim to handle whatever algorithm becomes available, currently
> whatever OpenSSL has for digests at any particular version. Note that
> both ends need to understand the same algorithm for that to work.
No need. Those options for ntp-keygen are for autokey.
I believe NTS already uses newer/better algorithms, and the symmetric
key stuff (ntp.keys) already supports any digest algorithms that the
underlying OpenSSL code supports.
Harlan Stenn <stenn at ntp.org>
http://networktimefoundation.org - be a member!
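The two points made in this thread, that the receiver has to work out whether a packet carries a MAC and how long it is, and that the symmetric-key (ntp.keys) path accepts whichever digests the underlying library offers, can be seen in a small worked example. The following Python is an added illustration, not code from the thread or from the NTP project. It assumes the documented ntp.keys line layout (key number, digest type, secret, where `M` is the MD5 shorthand) and the symmetric MAC layout of a 4-byte key id followed by digest(secret || packet); the sample key file, the strength classes and the function names are constructed for this example, and secrets are taken as printable ASCII only (ntpd also accepts hex-encoded keys, which this example does not handle).

```python
"""Audit an ntp.keys file for weak digests and show how the MAC size on the
wire depends on the digest chosen for the key id.

Added example, not NTP project code.  Key file format and MAC layout follow
documented NTP symmetric-key behaviour; everything else is constructed."""
import hashlib
import hmac
import struct

# Digest type names as written in ntp.keys, mapped to hashlib names.
# "M" is the legacy shorthand for MD5.
TYPE_TO_HASHLIB = {"M": "md5", "MD5": "md5", "SHA": "sha1", "SHA1": "sha1",
                   "SHA256": "sha256", "SHA384": "sha384", "SHA512": "sha512"}
WEAK = {"md5"}      # broken digest the thread calls out
LEGACY = {"sha1"}   # still accepted, but SHA-2 is the sensible replacement

# Constructed sample key file (not from any real deployment).
SAMPLE_KEYS = """\
# constructed sample ntp.keys
1 M legacymd5secret
2 SHA1 abc1234def
10 SHA256 correct-horse-battery
"""

NTP_HEADER_LEN = 48  # basic NTPv4 packet; any MAC follows it


def parse_keys(text):
    """Return {keyno: (hashlib_name, secret_bytes)} for an ntp.keys body."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        keyno, ktype, secret = fields[0], fields[1], fields[2]
        alg = TYPE_TO_HASHLIB.get(ktype.upper())
        if alg is None:
            raise ValueError(f"key {keyno}: unsupported digest type {ktype}")
        keys[int(keyno)] = (alg, secret.encode("ascii"))
    return keys


def classify(alg):
    """Strength class used by the audit report."""
    if alg in WEAK:
        return "weak"
    if alg in LEGACY:
        return "legacy"
    return "ok"


def audit(text):
    """List (keyno, digest, strength) for every key, lowest key id first."""
    return [(k, alg, classify(alg)) for k, (alg, _) in sorted(parse_keys(text).items())]


def mac_length(alg):
    """Bytes appended to the packet: 4-byte key id plus the full digest."""
    return 4 + hashlib.new(alg).digest_size


def symmetric_mac(keyno, alg, secret, packet):
    """NTP symmetric-key MAC: key id || digest(secret || packet).
    This is a plain keyed hash, not HMAC; that is how NTP defines it."""
    h = hashlib.new(alg)
    h.update(secret)
    h.update(packet)
    return struct.pack("!I", keyno) + h.digest()


def verify(keys, message, header_len=NTP_HEADER_LEN):
    """Check a received packet+MAC.  The key id in the trailer selects the
    digest, which in turn fixes how long the trailer must be."""
    if len(message) < header_len + 4:
        return False  # no room for even a key id
    packet, trailer = message[:header_len], message[header_len:]
    keyno = struct.unpack("!I", trailer[:4])[0]
    if keyno not in keys:
        return False  # unknown key id: cannot tell digest, reject
    alg, secret = keys[keyno]
    if len(trailer) != mac_length(alg):
        return False  # trailer size does not match the key's digest
    expected = symmetric_mac(keyno, alg, secret, packet)
    return hmac.compare_digest(expected, trailer)


if __name__ == "__main__":
    for keyno, alg, strength in audit(SAMPLE_KEYS):
        print(f"key {keyno:>3}: {alg:<7} MAC {mac_length(alg):>2} bytes  [{strength}]")
    keys = parse_keys(SAMPLE_KEYS)
    pkt = b"\x23" + b"\x00" * (NTP_HEADER_LEN - 1)  # constructed client header
    msg = pkt + symmetric_mac(10, *keys[10], pkt)
    print("verify:", verify(keys, msg))
```

Running the audit over a real key file is a quick way to find MD5 keys that should be rotated to a SHA-2 digest; the `verify` function shows why the receiver has to consult the key id before it can even decide how long the MAC should be, which is the upgrade Danny describes.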