oss-sec mailing list archives
RE: attacking hsts through ntp
From: "Bendler, Ehren" <ebendler () ciena com>
Date: Mon, 20 Oct 2014 09:04:57 -0400
The symmetric schemes do work, but due to data structure sizing only MD5 and SHA-1 hashed PSKs are supported: http://bugs.ntp.org/show_bug.cgi?id=2039 They imply in the comments that it will take a new version of the NTP RFCs to get support for stronger hashing schemes. -----Original Message----- From: Stephen Röttger [mailto:stephen.roettger () gmail com] Sent: Monday, October 20, 2014 5:17 AM To: oss-security () lists openwall com Subject: Re: [oss-security] attacking hsts through ntp
What about RFC 5906 and the current authentication schemes (http://www.eecis.udel.edu/~mills/ntp/html/authentic.html) ?
The protocol from RFC 5906 is completely broken: http://www.eecis.udel.edu/~mills/security.html http://zero-entropy.de/autokey_analysis.pdf The symmetric schemes are probably fine but hard to set up. But it looks like the NIST provides authenticated NTP: http://www.nist.gov/pml/div688/grp40/auth-ntp.cfm
Current thread:
- Re: attacking hsts through ntp, (continued)
- Re: attacking hsts through ntp Michal Zalewski (Oct 16)
- Re: attacking hsts through ntp Hanno Böck (Oct 16)
- Re: attacking hsts through ntp Adam Langley (Oct 16)
- Re: attacking hsts through ntp Kurt Seifried (Oct 16)
- Re: attacking hsts through ntp Hanno Böck (Oct 17)
- Re: attacking hsts through ntp Yves-Alexis Perez (Oct 17)
- Re: attacking hsts through ntp Stephen Röttger (Oct 17)
- Re: attacking hsts through ntp Yves-Alexis Perez (Oct 18)
- Re: attacking hsts through ntp Stephen Röttger (Oct 20)
- RE: attacking hsts through ntp Bendler, Ehren (Oct 20)