[ntpwg] Stronger symmetric NTP authentication

Danny Mayer mayer at ntp.isc.org
Mon Nov 17 17:43:39 UTC 2008


Bhatia, Manav (Manav) wrote:
> Hi,
> 
> Is there any plan underway to use
> HMAC-SHA-1/HMAC-SHA-256/HMAC-SHA-384/etc for NTPv4? We could use the
> extension field header to encode the new hash digest, or it could be
> prepared in such a way that it's generic enough to support any crypto
> algorithm. The new extension field header could also include a
> monotonically increasing sequence number that could help prevent replay
> attacks.
> 

There is almost no way to replay an NTP packet even without autokey. With
the sent timestamp plus IP address as a 64-bit nonce it would get
dropped immediately as matching nothing that the requestor is waiting
for and you could never guess the timestamp that was being used. I don't
think that there is any real benefit to going to a new digest. SHA-1 is
being deprecated as not strong enough anyway and all users of this are
moving to SHA-2.

Danny

> Cheers, Manav

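The origin-timestamp check Danny describes, worked through as an added example (this is not code from the thread or from the NTP project): the client records the transmit timestamp of each request and accepts only a reply whose origin timestamp equals that outstanding value, so a captured reply cannot be replayed against a later request. The 48-byte header layout follows NTPv4; the authenticator (key id followed by an HMAC-SHA-256 digest), the key, key id and timestamps are constructed for the demo and are an assumption about the scheme Manav proposes, not the existing NTP symmetric-key digest.

```python
"""Simulated NTP client/server exchange with symmetric-key authentication.
Added example: shows why a replayed reply is dropped (origin timestamp must
match the request still outstanding) and why a tampered reply fails the MAC.
Authenticator = 4-byte key id || HMAC-SHA-256 over the header (assumption,
illustrating the proposal in the thread, not the RFC 5905 keyed digest)."""
import hashlib
import hmac
import struct

NTP_EPOCH_OFFSET = 2208988800        # seconds from 1900-01-01 to 1970-01-01
HEADER_FMT = "!BBbbII4sQQQQ"         # 48-byte NTPv4 header
HEADER_LEN = struct.calcsize(HEADER_FMT)
DIGEST_LEN = hashlib.sha256().digest_size
SHARED_KEY = b"constructed-demo-key"  # constructed for the example only
KEY_ID = 7                            # constructed key id


def to_ntp_timestamp(unix_time):
    """Unix seconds (float) -> 64-bit NTP fixed-point (32.32) timestamp."""
    whole = int(unix_time)
    frac = int(round((unix_time - whole) * (1 << 32))) & 0xFFFFFFFF
    return ((whole + NTP_EPOCH_OFFSET) << 32) | frac


def build_header(mode, origin, receive, transmit, stratum=0):
    """LI=0, VN=4, mode as given; root delay/dispersion/refid/ref ts zeroed."""
    li_vn_mode = (0 << 6) | (4 << 3) | mode
    return struct.pack(HEADER_FMT, li_vn_mode, stratum, 6, -20,
                       0, 0, b"\x00" * 4, 0, origin, receive, transmit)


def parse_header(data):
    f = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    return {"mode": f[0] & 0x07, "origin": f[8],
            "receive": f[9], "transmit": f[10]}


def append_mac(header, key_id, key):
    """Append key id and HMAC-SHA-256 of the header (demo authenticator)."""
    mac = hmac.new(key, header, hashlib.sha256).digest()
    return header + struct.pack("!I", key_id) + mac


def verify_mac(packet, key_id, key):
    """Constant-time check of the demo authenticator; False on any mismatch."""
    if len(packet) != HEADER_LEN + 4 + DIGEST_LEN:
        return False
    header, trailer = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (pkt_key_id,) = struct.unpack("!I", trailer[:4])
    if pkt_key_id != key_id:
        return False
    expected = hmac.new(key, header, hashlib.sha256).digest()
    return hmac.compare_digest(expected, trailer[4:])


class Client:
    def __init__(self, key_id, key):
        self.key_id, self.key = key_id, key
        self.pending_transmit = None  # T1 of the request still outstanding

    def make_request(self, now):
        t1 = to_ntp_timestamp(now)
        self.pending_transmit = t1     # remembered as the expected origin
        return append_mac(build_header(3, 0, 0, t1), self.key_id, self.key)

    def accept_reply(self, packet):
        """Return (accepted, reason); MAC first, then the origin check."""
        if not verify_mac(packet, self.key_id, self.key):
            return False, "bad authenticator"
        reply = parse_header(packet)
        if reply["mode"] != 4:
            return False, "not a server reply"
        if self.pending_transmit is None or reply["origin"] != self.pending_transmit:
            return False, "origin timestamp does not match outstanding request"
        self.pending_transmit = None   # exactly one reply per request
        return True, "accepted"


def server_reply(packet, key_id, key, now):
    """Authenticate the request and echo its transmit timestamp as origin."""
    if not verify_mac(packet, key_id, key):
        return None
    req = parse_header(packet)
    t = to_ntp_timestamp(now)
    return append_mac(build_header(4, req["transmit"], t, t, stratum=2), key_id, key)


def run_scenario():
    """Constructed timeline: fresh reply, duplicate, replay, tamper, fresh."""
    client = Client(KEY_ID, SHARED_KEY)
    results = {}
    req1 = client.make_request(1226943819.25)
    rep1 = server_reply(req1, KEY_ID, SHARED_KEY, 1226943819.30)
    results["fresh reply"] = client.accept_reply(rep1)
    results["duplicate reply"] = client.accept_reply(rep1)     # nothing pending
    req2 = client.make_request(1226943883.25)                  # next poll
    results["replayed old reply"] = client.accept_reply(rep1)  # origin is T1 of req1
    rep2 = server_reply(req2, KEY_ID, SHARED_KEY, 1226943883.31)
    tampered = bytearray(rep2)
    tampered[40] ^= 0x01                                       # flip a transmit-ts byte
    results["tampered reply"] = client.accept_reply(bytes(tampered))
    results["second fresh reply"] = client.accept_reply(rep2)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name:20s} -> {outcome}")
```

Note that the MAC is checked before the origin timestamp: the authenticator proves the reply came from a key holder, and the origin match proves it is the answer to the request currently outstanding, which is the property that makes a replayed packet useless regardless of which digest is used.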
