ntp.conf changes for NTS
Gary E. Miller
gem at rellim.com
Sat Feb 2 21:29:31 UTC 2019
Yo Hal!
On Sat, 02 Feb 2019 02:33:56 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:
> The per client-server pair of keys, C2S and S2C don't roll over as
> long as the connection works reasonably well. I asked about key
> lifetime on the NTP list and Daniel said we don't have to worry about
> it.
> https://mailarchive.ietf.org/arch/msg/ntp/lV74s2I97P8ncJdjsIKvlcAgEG0
The Germans thought that with Enigma. The japanese thought that
with Purple. Both were proven wrong.
Daniel makes bad assumptions about how many tries a second can be made.
> > The recommendation for AES-SIV is to encrypt no more than 2**48
> > messages under the same key. At one message per second that's
> > almost 9 million years. If you (unwisely) use AES-GCM instead,
> > where the recommended limit is 2**32 messages, that's still 136
> > years.
Nothing says that a single cookie could not be used by a farm of
clients to push the cookies per second into the thousands.
Then add that this is millions of know plaintext and known ciphertext pairs
That is not what the key reuse calculations assume.
Yes, not a simple thing, but possible for a nation state.
So whatever a conservative key reuse limit is, it should be enforced.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190202/67ae6b0b/attachment.bin>
More information about the devel
mailing list