Table of Contents
Advertisement
The message digest is computed using preferred Message Digest 5 (MD5). An alternative is
the Digital Encryption Standard, Cipher Block Chaining (DES-CBC).
The Message Authentication Code (MAC) is made up of a key identifier, then the message
digest. Keys are held in a key cache; the cache is initialized from a private file.
Authentication: NTP v4 Autokey
NTP v4 uses public-key cryptography, meaning all keys are random, and private keys are
never revealed. A certificate scheme binds the public key to the server identification.
Symmetric-key cryptography uses fixed private keys that must be distributed in advance. The
Diffie-Hellman model defines the key agreement, and is required for private random keys.
Public Domain NTP Package
For clients not using the public domain NTP package, the NTP packet is enlarged by 8 bytes
to handle the entire cryptochecksum, which is 16 bytes (128 bits) in size as generated by the
MD5. Since this field is the last in the packet, it should not present any difficulty.
How NTP Defines the Authentication Process
If authentication is enabled, and a valid authentication key identifier and cryptochecksum is
received, then the NTP packet is filled in and a new cryptochecksum is computed and added
to the packet. The packet is then sent back to the client.
More information
For more about NTP authentication, see both the NTP help available from the S100 web
interface and from:
http://www.ntp.org
Typical NTP Configuration Considerations
This section provides additional information on using NTP and network configuration. The
examples provided for explanatory purposes only.
94
.
SyncServer S100
S100 User Guide – Rev. D – June 2005
Advertisement
Chapters
Table of Contents
