[ntp:questions] NTP packets with MACs longer than SHA1
mlichvar at redhat.com
Tue Mar 12 08:22:25 UTC 2019
On 2019-03-11, Nelson Bolyard <nbolyard at silverspringnet.com> wrote:
> NTPv3 supported MD5 and SHA1 Message Authentication Code (MACs) of
> length 16 and 20 bytes respectively. RFC 5906 says that NTP V4
> supports any MAC, but offers no advice about how to send MACs that are
> longer than 20 bytes, such as SHA256 MACs.
> Are longer MACs sent in their entirety?
> Are they truncated to 20 bytes? or to 16 bytes?
The digests are truncated to 20 bytes in order to follow RFC 7822.
More information about the questions