[ntp:questions] Weak Security algorithms used in NTP Autokey protocol

Harlan Stenn stenn at ntp.org
Tue Apr 5 01:34:24 UTC 2016


Joe Smithian writes:

> Thanks all for your comments. Good to know that NTPSec is coming. When do
> you expect NTPSec to be available in major Linux distributions such as Red Hat
> and Ubuntu?

NTS is Network Time Security.

NTPsec is ... not.  And it's off-topic here.

NTS will be in the NTP.org distribution as soon as it's ready, and there
are a number of pending issues to be resolved before that will be the
case.  A lot of work still needs to be done and there are limited
resources available.  If folks want to see NTS happen sooner, please let
me know how you are willing and able to help.

As for when any linux distributions will have this code, we have no
control over that.

H
---
> On Thu, Mar 24, 2016 at 3:40 AM, Harlan Stenn <stenn at ntp.org> wrote:
> 
> > Danny Mayer writes:
> > > On 3/21/2016 12:11 PM, Joe Smithian wrote:
> > > > Hi All,
> > > >
> > > > I am surprised that NTP still supports insecure algorithms such as
> > MD2, MD5
> > > > and small key sizes 256,512,1024 in the Autokey authentication! Any
> > plan
> > > > to deprecate weak algorithms and add more secure algorithms such as
> > SHA-2
> > > > and SHA-3?
> > > >
> > >
> > > Yes, although autokey is going to be replaced by NTS. The code needs to
> > > be upgraded so that it can figure out whether or not it has a MAC and if
> > > so how big it is.
> >
> > For the original MAC, that's not really a big deal, Danny.  For the new
> > MAC-EF or for Last-EF it becomes a non-issue.
> >
> > > > Below is a list of supported keys and algorithms in ntp-keygen version
> > > > 4.2.8p6
> > > >
> > > >
> > > > ntp-keygen(8) - Linux man page
> > > >
> > > > Name
> > > >
> > > > ntp-keygen - generate public and private keys
> > > >
> > > > Synopsis
> > > >
> > > > ntp-keygen [ -deGgHIMPT ] [ -c [ RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 |
> > > > RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ -i name ]
> > > > [ -m modulus ] [ -p password ] [ -q password ] [ -S [ RSA | DSA ] ]
> > > > [ -s name ] [ -v nkeys ] [ -V params ]
> > >
> > > We should aim to handle whatever algorithm becomes available, currently
> > > whatever OpenSSL has for digests at any particular version. Note that
> > > both ends need to understand the same algorithm for that to work.
> >
> > No need.  Those options for ntp-keygen are for autokey.
> >
> > I believe NTS already uses newer/better algorithms, and the symmetric
> > key stuff (ntp.keys) already supports any digest algorithms that the
> > underlying OpenSSL code supports.
> >
> > --
> > Harlan Stenn <stenn at ntp.org>
> > http://networktimefoundation.org - be a member!
> >
> 


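The thread touches two points a practitioner may want to see concretely: the symmetric-key (ntp.keys) MAC is a keyed digest whose algorithm comes from the key table rather than from the packet, and, as Danny notes, a receiver has to work out whether a packet carries a MAC and how long it is. The following is an added example written for this page; it is not code from the thread or from the NTP.org distribution. It assumes the ntpd-style MAC layout keyid || digest(key || packet) over a bare 48-byte header with no extension fields, and the key IDs, secrets and timestamp in it are constructed for the example.

```python
"""Symmetric-key NTP MAC as a keyed digest (keyid || digest(key || packet)).

Constructed example: packets carry no extension fields, so everything after
the 48-byte header is the MAC. The digest is chosen by the key ID, so a
receiver without the key table knows only the trailer length, not the
algorithm behind it.
"""
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTPv4 header, RFC 5905
KEYID_LEN = 4

# Constructed key table in the shape of an ntp.keys file: keyid -> (digest, secret).
# Secrets are made up for this example; they are not real keys.
KEYS = {
    1: ("md5", b"example-md5-secret"),
    10: ("sha1", b"example-sha1-secret"),
    20: ("sha256", bytes.fromhex(
        "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")),
}


def build_client_packet(tx_ts: int = 0xE3C0F00012345678) -> bytes:
    """Minimal NTPv4 mode-3 (client) packet: LI=0, VN=4, mode=3, all fields
    zero except an arbitrary transmit timestamp chosen for the example."""
    li_vn_mode = (0 << 6) | (4 << 3) | 3
    return struct.pack("!BBbbII4sQQQQ",
                       li_vn_mode, 0, 0, 0,   # stratum, poll, precision
                       0, 0, b"\0" * 4,       # root delay, root dispersion, refid
                       0, 0, 0, tx_ts)        # reference, origin, receive, transmit


def compute_mac(keyid: int, key: bytes, packet: bytes, digest: str) -> bytes:
    """keyid || digest(key || packet). A plain keyed digest, not HMAC; any
    digest hashlib/OpenSSL knows can be named in the key table."""
    h = hashlib.new(digest)
    h.update(key)
    h.update(packet)
    return struct.pack("!I", keyid) + h.digest()


def sign_packet(packet: bytes, keyid: int, keys=KEYS) -> bytes:
    digest, key = keys[keyid]
    return packet + compute_mac(keyid, key, packet, digest)


def mac_length(data: bytes) -> int:
    """Bytes after the header. This is all a receiver sees before it consults
    its key table: 20 could be MD5, 24 SHA1, 36 SHA256, and so on."""
    return len(data) - NTP_HEADER_LEN


def verify_packet(data: bytes, keys=KEYS) -> bool:
    """Verify the MAC. The key ID selects the digest and the trailer length
    must match that digest exactly, so a MAC of the wrong size for the key
    is rejected rather than partially compared."""
    if len(data) < NTP_HEADER_LEN + KEYID_LEN:
        return False
    packet = data[:NTP_HEADER_LEN]
    trailer = data[NTP_HEADER_LEN:]
    (keyid,) = struct.unpack("!I", trailer[:KEYID_LEN])
    if keyid not in keys:
        return False
    digest, key = keys[keyid]
    expected = compute_mac(keyid, key, packet, digest)
    if len(trailer) != len(expected):
        return False
    return hmac.compare_digest(trailer, expected)


if __name__ == "__main__":
    pkt = build_client_packet()
    for kid in KEYS:
        signed = sign_packet(pkt, kid)
        print(kid, KEYS[kid][0], "trailer bytes:", mac_length(signed),
              "verifies:", verify_packet(signed))
```

Running it shows the trailer growing with the digest (20, 24 and 36 bytes for MD5, SHA1 and SHA256), which is exactly why a parser that only sees packet length cannot tell the MAC size, or even whether the tail is a MAC at all, without the key ID lookup; once Autokey extension fields can precede the MAC the length alone says even less.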