<div dir="auto">If SHA-0 has ever been used in NTP that's news to me. It was broken pretty quickly after publication and never saw much use. Pretty sure any documentation which refers to it is confused.<div dir="auto"><br></div><div dir="auto">I would prefer that OpenSSL implementations of primitives get used when available, for performance reasons which translate directly to improved precision.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Jan 27, 2017 10:20 AM, "Eric S. Raymond" <<a href="mailto:esr@thyrsus.com">esr@thyrsus.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Mark: Heads up! PR issue.<br>
<br>
Matthew Selsky <<a href="mailto:Matthew.Selsky@twosigma.com">Matthew.Selsky@twosigma.com</a>>:<br>
> On Wed, Jan 25, 2017 at 11:47:01PM -0800, Hal Murray wrote:<br>
> ><br>
> > [From gitlab]<br>
> > > It uses SHA1 but not SHA0 - SHA1 is an option for packet MACs. There should<br>
> > > be no problem with using the ISC version unconditionally.<br>
><br>
> <a href="https://docs.ntpsec.org/latest/ntpq.html's" rel="noreferrer" target="_blank">https://docs.ntpsec.org/<wbr>latest/ntpq.html's</a> keytype lists "SHA". Does that mean sha0 or sha1?<br>
<br>
>From context, SHA-0 - supported only if OpenSSL is linked. I have<br>
disambiguated in the documentation.<br>
<br>
> OpenSSL/LibreSSL's libcrypto is only needed for ntp.keys that are using a digest> that's neither MD5 nor SHA1.<br>
><br>
> As 2 data points (yes, not enough), my users are using MD5<br>
> internally. I also spoke to Dr Levine from NIST yesterday and of<br>
> his 500 customers that use authentication, all but 2 use MD5. The<br>
> other 2 customers use SHA1. None of his customers use anything<br>
> fancier.<br>
<br>
That's kind of interesting. To me it suggests that maybe we should drop OpenSSL<br>
and support for MAC types other than ND5 and SHA-1. I can see that we might<br>
want to keep the others for PR reasons, though, even if they haven't got<br>
actual traction.<br>
<br>
Mark: do you have an opinion about this?<br>
<br>
> Can we make OpenSSL an optional dependency?<br>
<br>
Hm. I thought it was already optional. But INSTALL says differently, and<br>
mow I'm not sure. Checking...<br>
<br>
OK, I was right and INSTALL is wrong. waf has openssl marked optional.<br>
<br>
>I'd prefer that we always use the public domain code for MD5 and<br>
>SHA1 and then use the OpenSSL code when available, but only for<br>
>digest algorithms that are exclusive to them? That will allow us to<br>
>have few #ifdef branches and be better able to test the code. And<br>
>there's no need to add an extra build requirement when most users<br>
>won't need it.<br>
<br>
I have a higher-priority thing to chew on (nuking interface scanning) but<br>
I'd take that patch from you. It's good cleanup even if we then decide to drop<br>
OpenSSL entirely.<br>
--<br>
<a href="<a href="http://www.catb.org/~esr/" rel="noreferrer" target="_blank">http://www.catb.org/~<wbr>esr/</a>">Eric S. Raymond</a><br>
______________________________<wbr>_________________<br>
devel mailing list<br>
<a href="mailto:devel@ntpsec.org">devel@ntpsec.org</a><br>
<a href="http://lists.ntpsec.org/mailman/listinfo/devel" rel="noreferrer" target="_blank">http://lists.ntpsec.org/<wbr>mailman/listinfo/devel</a><br>
</blockquote></div></div>