Crypto, passwords

Eric S. Raymond esr at
Fri Jan 5 18:04:36 UTC 2018

Hal Murray <hmurray at>:
> That's not the question I was trying to ask.


> I was inquiring about reading keys from the keys file.  You are talking about 
> bits on the wire.
> It's actually more complicated than length==5 for MD5.  The type (MD5) is 
> also in the keys file.  I don't know what the code actually does.

If you read ntpkeygen I think matters will become clearer.

> I believe the plan is to switch to a type+length+body format for packet 
> extensions.  Backward compatibility requires adding dummy extensions if 
> required to avoid the magic lengths the current code understands or maybe 
> just make the total length more than the longest of the grandfathered 
> lengths.  (No need for NTPv5, at least for this reason.)

You're right about "the plan".  The conservative way to do NTPv5 would just
be as a bunch of defined extension types, one for new auth key types.

> I just looked at the code to answer my question.
>                  * Finally, get key and insert it. If it is longer than 20
>                  * characters, it is a binary string encoded in hex;
>                  * otherwise, it is a text string of printable ASCII
>                  * characters.
> If ntpq has code to read passwords from the keyboard, we should copy that 
> hack.

The hack is just the Python getpass() library function.  Easy stuff.
		<a href="">Eric S. Raymond</a>

My work is funded by the Internet Civil Engineering Institute:
Please visit their site and donate: the civilization you save might be your own.

More information about the devel mailing list