Crypto, passwords

Eric S. Raymond esr at
Fri Jan 5 22:01:57 UTC 2018

Kurt Roeckx <kurt at>:
> So I want to clarify this a little. As far as I know MD5 is actually
> broken for preimage resistance, but it's only slightly faster than
> bruce force. For SHA-1 it's only a reduced version that's broken. In
> the long run you should not trust them, but I don't think there is a
> reason to panic (if only preimage resistance is important).
> I have no idea how it's used in NTP. But I understand it's some
> kind of shared password? You should clearly look in how it's being
> used and if that actually makes sense. Maybe it needs more than
> just replacing the hash algorithm.

I'm not fully qualified to do that audit.  Daniel Franke is.

Daniel? Can we get an opinion from our expert?
		<a href="">Eric S. Raymond</a>

My work is funded by the Internet Civil Engineering Institute:
Please visit their site and donate: the civilization you save might be your own.

More information about the devel mailing list