search

pendulum-project / ntpd-rs

A full-featured implementation of the Network Time Protocol, including NTS support.
https://trifectatech.org
Other
777 stars 43 forks source link

symmetric key authentication #369

Open folkertdev opened 2 years ago

folkertdev commented 2 years ago

symmetric key authentication using sha256. Required to use NIST to provide NTP time at the moment (they don't do NTS)

rlaager commented 1 year ago

I'm not in a position to sponsor, but I can answer questions, as I use this functionality (both MD5 and SHA256 at the moment).

mnordhoff commented 7 months ago

Comment from the peanut gallery:

Traditional NTP authentication has questionable security properties, since it uses hash functions vulnerable to length extension attacks without using HMAC.

Supporting AES-CMAC or SHA-3 (which is supported by Chrony, but I'm not sure if it's standardized anywhere) should be safer.

rnijveld commented 7 months ago

I'd say this issue is more of an interoperability issue, i.e. allowing our implementation to communicate with implementations that use MD5/SHA1/SHA256 right now in the wild (such as the NIST secure time servers). I'd very much put an implementation for that behind a feature flag or some very specific configuration indicating its legacy status. I don't think AES-CMAC or SHA-3 see much (if any) usage in practice, and I would avoid creating an implementation for them unless absolutely necessary.

Instead, we're hoping people really move onto NTS (which ntpd-rs already supports). NTS provides a much better security mechanism altogether and can be used in much more versatile ways.