Crypto, passwords
Kurt Roeckx
kurt at roeckx.be
Fri Jan 5 23:18:22 UTC 2018
On Fri, Jan 05, 2018 at 02:41:39PM -0800, Hal Murray wrote:
>
> > I have no idea how it's used in NTP. But I understand it's some kind of
> > shared password? You should clearly look in how it's being used and if that
> > actually makes sense. Maybe it needs more than just replacing the hash
> > algorithm.
>
> It appends a digest to the packet. This digest covers the shared password,
> the body of the packet, and a 4 byte keyid.
I'm not an expert in this sort of things, but I would suggest you
at least change that to an HMAC.
Kurt
More information about the devel
mailing list