[ntpwg] Stronger symmetric NTP authentication

Bhatia, Manav (Manav) manav at alcatel-lucent.com
Tue Dec 30 05:23:33 UTC 2008


 
> 
> The basic flaw in this argument is the assumption that MD5 is being used
> for authentication. It isn't. It is only used to verify that

Yes Danny, I know that :-)

Two sides using MD5 can only arrive at the same digest if they use the same key. If the keys are different, then the digest would differ, and the message would get dropped. The fact that one side is able to compute the same digest with its key kind of "authenticates" that the original message was indeed sent by the router that shares the same key.

Now, reread my original mail and see if you have problems parsing it.

Cheers, Manav

> the packet, including the autokey information, has not been modified in
> transit (or spoofed). In many ways this is no different from a checksum.
> MD5 is only being used as a digest, not an authentication mechanism.
> There are enough bits in the packet to make the nonce effectively
> unspoofable. NTP will drop a packet that does not meet the series of
> tests that ensure that the packet is valid. You are endowing the MAC
> with attributes that don't actually exist.
> 
> Danny
> 
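
Added example, not part of the original message and not code from the NTP reference implementation: a sketch of the keyed-MD5 check the reply describes for symmetric keys, where the digest is MD5 over the shared key followed by the 48-byte NTP header and the packet carries a 32-bit key ID plus the 128-bit digest. The key values, key IDs and sample header are constructed, and extension fields are assumed absent.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTP header, before the optional MAC
MAC_LEN = 4 + 16      # 32-bit key ID + 128-bit MD5 digest

def md5_mac(key: bytes, header: bytes) -> bytes:
    """MD5 over the shared key followed by the NTP header."""
    return hashlib.md5(key + header).digest()

def sign(header: bytes, key_id: int, key: bytes) -> bytes:
    """Return header + key ID + digest, as it would appear on the wire."""
    if len(header) != NTP_HEADER_LEN:
        raise ValueError("expected a 48-byte NTP header")
    return header + struct.pack("!I", key_id) + md5_mac(key, header)

def verify(packet: bytes, keys: dict) -> bool:
    """True only if the receiver holds the same key the sender used."""
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False                      # no MAC, or extension fields (not handled here)
    header = packet[:NTP_HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])
    key = keys.get(key_id)
    if key is None:
        return False                      # unknown key ID: drop the packet
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(md5_mac(key, header), packet[NTP_HEADER_LEN + 4:])

# Constructed sample: LI=0, VN=4, mode=3 (client); every other field zero.
SAMPLE_HEADER = bytes([0x23]) + bytes(47)
SENDER_KEY = b"constructed-shared-key"    # assumption: illustrative key only

def demo() -> dict:
    packet = sign(SAMPLE_HEADER, 1, SENDER_KEY)
    tampered = bytes([packet[0] ^ 0x01]) + packet[1:]   # flip one header bit
    return {
        "same_key": verify(packet, {1: SENDER_KEY}),
        "different_key": verify(packet, {1: b"some-other-key"}),
        "modified_in_transit": verify(tampered, {1: SENDER_KEY}),
        "unknown_key_id": verify(packet, {2: SENDER_KEY}),
    }

if __name__ == "__main__":
    print(demo())
```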

