># 1, the packet is a crypto-NAK; if 3, the packet is
># authenticated with DES; if 5, the packet is authenticated
The DES stuff is news to me.
NTP classic had stand alone code for MD5 and SHA1. We carried that along
until we decided to require libcrypto.
> I don't know how
Hal Murray :
>
> Eric said:
> > The docs still talk about MD5 and SHA-1, but the comments in ntpkeygen
> > reference something called AES-128 which doesn't seem to be referenced at
> > all
> > in the docs or the NTP RFCs.
>
> AES-128 is the replacement for SHA1. If there isn't an RFC, there
Eric said:
> The docs still talk about MD5 and SHA-1, but the comments in ntpkeygen
> reference something called AES-128 which doesn't seem to be referenced at all
> in the docs or the NTP RFCs.
AES-128 is the replacement for SHA1. If there isn't an RFC, there is a
ready-to-publish draft.
I was reviewing documentation today and discovered something alarming.
The docs still talk about MD5 and SHA-1, but the comments in ntpkeygen
reference something called AES-128 which doesn't seem to be
referenced at all in the docs or the NTP RFCs.
The last person to work on this seems to have