Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 20 Oct 2014 09:17:20 +0000
From: Stephen Röttger <stephen.roettger@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: attacking hsts through ntp

>What about RFC 5906 and the current authentication schemes
> (http://www.eecis.udel.edu/~mills/ntp/html/authentic.html) ?

The protocol from RFC 5906 is completely broken:
  http://www.eecis.udel.edu/~mills/security.html
  http://zero-entropy.de/autokey_analysis.pdf

The symmetric schemes are probably fine but hard to set up. But it looks
like the NIST provides authenticated NTP:
http://www.nist.gov/pml/div688/grp40/auth-ntp.cfm

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ