instacart / truetime-android

Android NTP time library. Get the true current time impervious to device clock time changes
https://tech.instacart.com/truetime/
Apache License 2.0
1.41k stars 194 forks

Outdated Versions of NTP Leaving Users Vulnerable - NTP v3 #138

Open bobpf opened 3 years ago

bobpf commented 3 years ago

It looks like you're still using the v3 protocol that has known vulnerabilities and is subject to being used in DDoS attacks. Version 4 has been around since 2010 and earlier. Is this on your radar, and if so, when do you plan on upgrading the version/protocol used?

https://www.nwtime.org/outdated_versions_of_ntp_leaving_users_vulnerable/

bobpf commented 3 years ago

Usage of the NTPv3 protocol has come up in a security review. Can you comment on its usage and the possibility of getting v4 implemented as the primary protocol or as a configuration option?

efeint01 commented 3 years ago

Hello @bobpf. So what do you prefer to use? The library is really old and questions still remain unanswered. This is status broken.

bobpf commented 3 years ago

Switching the protocol to use NTP v4 would be preferable.

efeint01 commented 3 years ago

Thank you. I am also using Android Secure Timer, which is such a good library for this, and I never see errors.

bobpf commented 3 years ago

How does Secure Timer relate to NTP v4?

kaushikgopal commented 2 years ago

@bobpf: first priority is probably landing the move to coroutines and improving the algorithm further. there's no immediate plan on moving to NTP v4 but I'm curious to read up more to get a better sense of the effort (as we gradually work on the other PRs).

do you have other helpful documentation/links that are a little more developer-focused for me to read up on?

metatron1973 commented 2 years ago

System rack with fraud please start forensic audit image