[ntp:questions] NTP packets with MACs longer than SHA1

Miroslav Lichvar mlichvar at redhat.com
Tue Mar 12 08:22:25 UTC 2019


On 2019-03-11, Nelson Bolyard <nbolyard at silverspringnet.com> wrote:
> NTPv3 supported MD5 and SHA1 Message Authentication Code (MACs) of
> length 16 and 20 bytes respectively.  RFC 5906 says that NTP V4
> supports any MAC, but offers no advice about how to send MACs that are
> longer than 20 bytes, such as SHA256 MACs.
>
> Are longer MACs sent in their entirety?
> Are they truncated to 20 bytes? or to 16 bytes?

The digests are truncated to 20 bytes in order to follow RFC 7822.

-- 
Miroslav Lichvar



More information about the questions mailing list