On Fri, 19 Dec 2014 18:22:47 -0700 Theo de Raadt <[email protected]> wrote:
> openntpd is not vulnerable. Depends on which vulnerability you mean. It is probably vulnerable to this one: http://zero-entropy.de/autokey_analysis.pdf (tl;dr ntp authentication is not secure) And it is probably vulnerable to this: https://github.com/PentesterES/Delorean (tl;dr Man-in-the-Middle) ntp is not secure. openntpd is a more secure implementation of a protocol that is not secure by design. -- Hanno Böck http://hboeck.de/ mail/jabber: [email protected] GPG: BBB51E42
pgppRon8i_0_S.pgp
Description: OpenPGP digital signature
