On 2011-03-25, Chris Albertson <albertson.ch...@gmail.com> wrote:
>> NTP Authentication adds signatures to the packets. There is no
>> encryption.
>
> What are "signatures"?

Message Authenticator Code (MAC)

> How are they generated?

Search for 'hash' in:

http://www.ece.udel.edu/~mills/database/reports/stime1/stime.pdf

> Signatures are typically encrypted hashes of the message.

See section 4 (which starts on page 10).

"NTPv3 and NTPv4 symmetric key cryptography uses keyed-MD5 message
digests with a 128-bit private key and 32-bit key ID. In order to
retain backward compatibility with NTPv3, the NTPv4 key ID space is
partitioned in two subspaces at a pivot point of 65536. Symmetric key
IDs have values less than the pivot and indefinite lifetime. Autokey
key IDs have pseudo-random values equal to or greater than the pivot
and are expunged immediately after use. Both symmetric key and public
key cryptography authenticate as shown in Figure 1. The server looks up
the key associated with the key ID and calculates the message digest
from the NTP header and extension fields together with the key value.
The key ID and digest form the message authentication code (MAC)
included with the message. The client does the same computation using
its local copy of the key and compares the result with the digest in
the MAC. If the values agree, the message is assumed authentic."

-- 
Steve Kostecke <koste...@ntp.org>
NTP Public Services Project - http://support.ntp.org/
_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
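The symmetric-key exchange described in the quoted passage, as an added Python example that is not part of the original post or of the NTP code base. It assumes the reference ntpd ordering (key value hashed first, then the message) and a packet with no extension fields; the key table, header bytes and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48     # fixed NTP header; this sample carries no extension fields
AUTOKEY_PIVOT = 65536   # key IDs below the pivot are symmetric keys (quoted text)
MAC_LEN = 4 + 16        # 32-bit key ID + 128-bit MD5 digest


def digest(key: bytes, message: bytes) -> bytes:
    # Keyed MD5: the key value is hashed together with the NTP header and
    # extension fields. Key-first ordering is an assumption taken from ntpd.
    return hashlib.md5(key + message).digest()


def sign(keys: dict, key_id: int, message: bytes) -> bytes:
    """Server side: look up the key and append the MAC (key ID + digest)."""
    return message + struct.pack("!I", key_id) + digest(keys[key_id], message)


def verify(keys: dict, packet: bytes) -> bool:
    """Client side: recompute with the local key copy and compare digests."""
    if len(packet) < NTP_HEADER_LEN + MAC_LEN:
        return False                    # too short to carry a MAC
    message, mac = packet[:-MAC_LEN], packet[-MAC_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id >= AUTOKEY_PIVOT or key_id not in keys:
        return False                    # not a configured symmetric key
    # Constant-time comparison avoids leaking how many digest bytes matched.
    return hmac.compare_digest(digest(keys[key_id], message), mac[4:])


# Constructed sample data: a made-up 128-bit key and a 48-byte server header
# (LI=0, VN=4, Mode=4, stratum 1, poll 6, precision -20, remaining fields zero).
KEYS = {1: b"constructed-key!"}
HEADER = bytes([0x24, 1, 6, 0xEC]) + bytes(44)

if __name__ == "__main__":
    pkt = sign(KEYS, 1, HEADER)
    tampered = pkt[:40] + b"\x01" + pkt[41:]   # flip one timestamp byte
    print("authentic:", verify(KEYS, pkt))
    print("tampered: ", verify(KEYS, tampered))
```

The packet body stays readable on the wire; only the trailing 20 bytes change, which is the "no encryption" point made at the top of the thread.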