On 3/21/2016 12:11 PM, Joe Smithian wrote:
> Hi All,
>
> I am surprised that NTP still supports insecure algorithms such as MD2, MD5
> and small key sizes 256,512,1024 in the Autokey authentication! Any plan
> to deprecate weak algorithms and add more secure algorithms such as SHA-2
> and SHA-3?
>
Yes, although autokey is going to be replaced by NTS. The code needs to be upgraded so that it can figure out whether or not it has a MAC and if so how big it is.

>
> Below is a list of supported keys and algorithms in ntp-keygen version
> 4.2.8p6
>
>
> ntp-keygen(8) - Linux man page
>
> Name
>
> ntp-keygen - generate public and private keys
>
> Synopsis
>
> *ntp-keygen [ -deGgHIMPT ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 |
> RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ -i name ] [
> -m modulus ] [ -p password ] [ -q password ] [ -S [ RSA | DSA ] ] [
> -s name ] [ -vnkeys ] [ -V params ]*

We should aim to handle whatever algorithm becomes available, currently whatever OpenSSL has for digests at any particular version. Note that both ends need to understand the same algorithm for that to work.

Danny
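
An added example, not part of the original message and not ntpd code: a receiver working out from packet length whether a MAC follows the 48-byte NTP header and how big it is, then verifying it with whichever digest the local OpenSSL-backed `hashlib` offers. It assumes the symmetric-key layout (4-byte key ID, then a digest over key followed by packet) and no extension fields; the function names, key table and sample header are constructed for illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTP header (RFC 5905)
KEYID_LEN = 4         # key identifier that precedes the digest
SAMPLE_HEADER = bytes([0x23]) + bytes(47)  # constructed: LI=0, VN=4, mode=3

def classify_tail(packet, digest_names):
    """Classify the bytes after the header (assumes no extension fields)."""
    tail = len(packet) - NTP_HEADER_LEN
    if tail < 0:
        raise ValueError("shorter than an NTP header")
    if tail == 0:
        return ("no-mac", None)
    if tail == KEYID_LEN:
        return ("crypto-nak", None)      # key ID only, no digest
    # Map digest size -> names of the algorithms this end can compute.
    sizes = {}
    for name in digest_names:
        sizes.setdefault(hashlib.new(name).digest_size, []).append(name)
    candidates = sizes.get(tail - KEYID_LEN)
    return ("mac", candidates) if candidates else ("unknown", None)

def make_mac(header, key_id, secret, digest_name):
    """Key ID followed by digest(secret || header)."""
    digest = hashlib.new(digest_name, secret + header).digest()
    return struct.pack("!I", key_id) + digest

def verify(packet, keys):
    """keys: {key_id: (digest_name, secret)} as configured on this end."""
    kind, _ = classify_tail(packet, {name for name, _ in keys.values()})
    if kind != "mac":
        return False
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:KEYID_LEN])[0]
    if key_id not in keys:
        return False
    name, secret = keys[key_id]
    # Constant-time compare; a different algorithm or length never matches.
    return hmac.compare_digest(make_mac(header, key_id, secret, name), mac)

if __name__ == "__main__":
    pkt = SAMPLE_HEADER + make_mac(SAMPLE_HEADER, 7, b"secret", "sha256")
    print(classify_tail(pkt, ["sha1", "sha256", "sha3_256"]))
    print(verify(pkt, {7: ("sha256", b"secret")}))
    print(verify(pkt, {7: ("sha3_256", b"secret")}))
```

SHA-256 and SHA3-256 both yield 32-byte digests, so the length identifies the MAC size but not the algorithm; the key table on each end has to name the same digest for verification to succeed.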