oss-sec mailing list archives

Re: can we talk about secure time?

From: "ncl () cock li" <ncl () cock li>
Date: Sat, 20 Dec 2014 09:47:35 -0800

On 20/12/14 03:27, Hanno Böck wrote:

A strange discussion. Because ntp is insecure by design. It is an
unauthenticated, insecure protocol that is suspectible to
man-in-the-middle-attacks. Frankly, I don't care which implementation
of an insecure protocol has less buffer overflows.


How broken are the authentication methods already present in ntpd?[1]
So far there appears to be only DES/MD5 keys, and with autokey, RSA/DH
(but apparently autokey doesn't work behind NAT?)
As far as I know, distros don't typically set these up, would it be
worth it to enable and improve on these, or just make something new?

Considering OSes already set up their own ntp pools[2], they could also
provide their own trusted keys in their ntpd packages.


[1] http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#AEN3143
[2] (ubuntu|openbsd|debian|netbsd|fedora).pool.ntp.org

Current thread:

can we talk about secure time? Hanno Böck (Dec 20)
- Re: can we talk about secure time? Stuart Henderson (Dec 20)
  - Re: can we talk about secure time? Daniel Kahn Gillmor (Dec 20)
- Re: can we talk about secure time? ncl () cock li (Dec 20)
  - Re: can we talk about secure time? Daniel Micay (Dec 20)
- Re: can we talk about secure time? Florian Weimer (Dec 21)
  - Re: can we talk about secure time? Daniel Micay (Dec 21)
  - Re: can we talk about secure time? Dave Horsfall (Dec 21)
    - leap seconds and security [was: Re: can we talk about secure time?] Daniel Kahn Gillmor (Dec 21)
    - Re: can we talk about secure time? Florian Weimer (Dec 21)
  - Re: can we talk about secure time? Hanno Böck (Dec 21)
    - Re: can we talk about secure time? Kurt Seifried (Dec 21)
    - Re: can we talk about secure time? Hanno Böck (Dec 21)
    - Re: can we talk about secure time? Walter Parker (Dec 21)

(Thread continues...)