Gary said: > The whole point is that the client knows the C2S and S2C. Otherwise he can > not key a session to the NTPD server. That is the plaintext. And he has the > cookie, with the algorithm use to make it. That is the ciphertext.
So if the client knows the C2S and S2C, what is he trying to learn by attacking? He already knows his C2S and S2C so there is no point in attacking those. Knowing them doesn't help him attack somebody else's C2S/S2C. The server's K does get rotated so we don't need a way to force that. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
