On Tue, Mar 12, 2019 at 01:24:52PM -0400, Danny Mayer wrote: > On 3/12/19 4:22 AM, Miroslav Lichvar wrote: > > On 2019-03-11, Nelson Bolyard <nboly...@silverspringnet.com> wrote: > >> NTPv3 supported MD5 and SHA1 Message Authentication Code (MACs) of > >> length 16 and 20 bytes respectively. RFC 5906 says that NTP V4 > >> supports any MAC, but offers no advice about how to send MACs that are > >> longer than 20 bytes, such as SHA256 MACs. > >> > >> Are longer MACs sent in their entirety? > >> Are they truncated to 20 bytes? or to 16 bytes? > > The digests are truncated to 20 bytes in order to follow RFC 7822. > > > Actually it says that they can be no longer than 24 unless otherwise > negotiated by client and server. See Section 7.5.1.3. In the > introduction it says it can be 20 or 24 bytes.
Right. The MAC includes a 32-bit key ID, so the digest has to be shorter by 4 bytes, which is what the OP seemed to be interested in truncating (it may depend on the actual implementation). -- Miroslav Lichvar _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions