Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 20 Oct 2014 09:04:57 -0400
From: "Bendler, Ehren" <>
To: "" <>
Subject: RE: attacking hsts through ntp

The symmetric schemes do work, but due to data structure sizing only MD5 and SHA-1 hashed PSKs are supported:

They imply in the comments that it will take a new version of the NTP RFCs to get support for stronger hashing schemes.

-----Original Message-----
From: Stephen Röttger [] 
Sent: Monday, October 20, 2014 5:17 AM
Subject: Re: [oss-security] attacking hsts through ntp

>What about RFC 5906 and the current authentication schemes
> ( ?

The protocol from RFC 5906 is completely broken:

The symmetric schemes are probably fine but hard to set up. But it looks like the NIST provides authenticated NTP:

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ