[ntpwg] Stronger symmetric NTP authentication
Danny Mayer
mayer at ntp.org
Tue Dec 30 05:57:13 UTC 2008
Bhatia, Manav (Manav) wrote:
>
>> The basic flaw in this argument is the assumption that MD5 is being used
>> for authentication. It isn't. It is only used to verify that
>
> Yes Danny, I know that :-)
>
> Two sides using MD5 can only arrive at the same digest if they use the
> same key. If the keys are different then the digest would differ, and
> the message would get dropped. The fact that one side is able to compute
> the same digest with its key, kind of "authenticates" that the original
> message was indeed sent by the router that shares the same key.
>
No, autokey is used for authentication and it doesn't use MD5.
> Now, reread my original mail and see if you have problems parsing it.
>
No, you didn't understand what I said. You need to reread my message.
Danny
> Cheers, Manav
>
>> the packet,
>> including the autokey information has not been modified in transit (or
>> spoofed). In many ways this is no different from a checksum. MD5 is only
>> being used as a digest, not an authentication mechanism. There are
>> enough bits in the packet to make the nonce effectively unspoofable. NTP
>> will drop a packet that does not meet the series of tests that ensure
>> that the packet is valid. You are endowing the MAC with attributes that
>> don't actually exist.
>>
>> Danny
>>
>
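The keyed-digest check that both messages refer to, as an added example that is not part of the original thread. It assumes the RFC 5905 symmetric-key layout (48-byte header, 4-byte key ID, 16-byte MD5 over key followed by header), which the thread does not spell out, and it does not model Autokey; the keys, key ID and header bytes are constructed.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48  # fixed NTP header; extension fields are left out here
MAC_LEN = 4 + 16     # key ID + MD5 digest


def ntp_digest(key: bytes, header: bytes) -> bytes:
    """Keyed digest as assumed for symmetric-key mode: MD5(key || header)."""
    return hashlib.md5(key + header).digest()


def sign(key_id: int, key: bytes, header: bytes) -> bytes:
    """Sender side: append the key ID and the keyed digest to the header."""
    return header + struct.pack("!I", key_id) + ntp_digest(key, header)


def verify(packet: bytes, keys: dict) -> bool:
    """Receiver side: recompute the digest with the local key for that key ID."""
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False
    header = packet[:NTP_HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])
    key = keys.get(key_id)
    if key is None:  # no key configured under this ID: drop
        return False
    received = packet[NTP_HEADER_LEN + 4:]
    return hmac.compare_digest(ntp_digest(key, header), received)


# Constructed sample data (not taken from the thread).
SAMPLE_HEADER = bytes([0x23]) + bytes(47)  # LI=0, VN=4, mode=3 (client)
SHARED = {1: b"constructed-shared-key"}
OTHER = {1: b"a-different-key"}


def demo() -> dict:
    pkt = sign(1, SHARED[1], SAMPLE_HEADER)
    # Flip one bit in the stratum byte to model modification in transit.
    tampered = pkt[:1] + bytes([pkt[1] ^ 1]) + pkt[2:]
    return {
        "same_key": verify(pkt, SHARED),
        "different_key": verify(pkt, OTHER),
        "modified_in_transit": verify(tampered, SHARED),
        "unknown_key_id": verify(pkt, {2: SHARED[1]}),
    }


if __name__ == "__main__":
    print(demo())
```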