Crypto - what algorithms to use?
fallenpegasus at gmail.com
Thu Mar 31 23:47:05 UTC 2016
We should live with MD5/SHA1 in shared key protocol, for now, for reasons
of compatibility, but document that we know it's not the current best
Who maintains the leap-file?
On Mon, Mar 28, 2016 at 11:16 PM Hal Murray <hmurray at megapathdsl.net> wrote:
> The current ntpd has a simple shared key setup to make sure the client is
> talking to the right server. The payload is not encrypted. This is
> authentication, not confidentiality.
> It uses MD5 or SHA1. Those are getting a bit old. We should probably
> Is there a good list of what algorithms are currently thought to be secure?
> I think the code changes will be simple - libcrypto does all the work. I
> don't know my way around that area, but I think I've seen an API to get a
> list of the algorithms it supports.
> Should we drop support for insecure algorithms, or retain it for backwards
> Odds and ends:
> ntpd gets the SHA1 code from libcrypto from the openssl-libs package (on
> There is MD5 code in libntp/a_md5encrypt.c, so you can use MD5 without
> Looks like there is also MD5 and SHA1 code in libisc
> They both use libcrypto is it's available, otherwise they provides real
> I don't think the MD5 code is ever used. The SHA1 code is used to verify
> These are my opinions. I hate spam.
> devel mailing list
> devel at ntpsec.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the devel