Crypto - what algorithms to use?

Hal Murray hmurray at megapathdsl.net
Tue Mar 29 06:16:18 UTC 2016


The current ntpd has a simple shared key setup to make sure the client is 
talking to the right server.  The payload is not encrypted.  This is 
authentication, not confidentiality.

It uses MD5 or SHA1.  Those are getting a bit old.  We should probably update 
things.

Is there a good list of what algorithms are currently thought to be secure?  
I think the code changes will be simple - libcrypto does all the work.  I 
don't know my way around that area, but I think I've seen an API to get a 
list of the algorithms it supports.

Should we drop support for insecure algorithms, or retain it for backwards 
compatibility?

Odds and ends:

ntpd gets the SHA1 code from libcrypto from the openssl-libs package (on 
Fedora).
There is MD5 code in libntp/a_md5encrypt.c, so you can use MD5 without 
libcrypto.

Looks like there is also MD5 and SHA1 code in libisc.
They both use libcrypto if it's available, otherwise they provide real code.
I don't think the MD5 code is ever used.  The SHA1 code is used to verify the 
leap-file.






-- 
These are my opinions.  I hate spam.
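
Added example (not part of the original message and not ntpd's code): a sketch of the shared-key scheme the message describes, where a key ID and digest(key || packet) are appended to an unencrypted packet, with the digest chosen from what the local crypto library offers. It uses Python's hashlib, which is normally built on OpenSSL's libcrypto; the legacy/preferred split, the untruncated SHA-256 digest, the function names and the sample keys are assumptions of this example.

```python
import hashlib
import hmac
import struct

# Assumption of this example: which digests are legacy and which are preferred.
LEGACY = {"md5", "sha1"}
PREFERRED = ("sha256", "sha512")
HEADER_LEN = 48  # basic NTP header, sent in the clear

# Constructed sample data: a client-mode header and two shared keys.
SAMPLE_HEADER = bytes([0x23]) + bytes(HEADER_LEN - 1)
SAMPLE_KEYS = {1: ("sha1", b"legacy-secret"), 2: ("sha256", b"modern-secret")}

def usable_digests(allow_legacy=False):
    """Digests the local crypto library offers, filtered by policy."""
    have = {name.lower() for name in hashlib.algorithms_available}
    names = [n for n in PREFERRED if n in have]
    if allow_legacy:
        names += sorted(LEGACY & have)
    return names

def ntp_mac(algo, key_id, key, packet):
    """Key ID (4 bytes, big-endian) followed by digest(key || packet)."""
    digest = hashlib.new(algo, key + packet).digest()
    return struct.pack("!I", key_id) + digest

def verify(packet_with_mac, keys, allow_legacy=False):
    """keys maps key_id -> (algo, secret). True only for a valid, permitted MAC."""
    header, trailer = packet_with_mac[:HEADER_LEN], packet_with_mac[HEADER_LEN:]
    if len(header) < HEADER_LEN or len(trailer) < 4:
        return False  # short packet or no MAC: unauthenticated
    (key_id,) = struct.unpack("!I", trailer[:4])
    if key_id not in keys:
        return False
    algo, secret = keys[key_id]
    if algo not in usable_digests(allow_legacy):
        return False  # policy rejects this digest, e.g. legacy support dropped
    expected = ntp_mac(algo, key_id, secret, header)
    return hmac.compare_digest(expected, trailer)  # constant-time comparison

if __name__ == "__main__":
    pkt = SAMPLE_HEADER + ntp_mac("sha1", 1, b"legacy-secret", SAMPLE_HEADER)
    print("strict policy:", verify(pkt, SAMPLE_KEYS))
    print("legacy allowed:", verify(pkt, SAMPLE_KEYS, allow_legacy=True))
```

The `allow_legacy` switch is the backwards-compatibility question in miniature: the same SHA1-keyed packet is rejected under the strict policy and accepted when legacy digests are retained.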




