Discussion:
[ntp:questions] NTP Support SHA2 or not
Sharma12, Sachin
2018-10-08 06:29:24 UTC
Permalink
Hi,

We are using ntp-4.2.6p5-28.el7, Please let us know whether the NTP support SHA2 with FIPS enable and disable?

If not then please let us know when NTP support for SHA2 in future release?

Regards
Sachin
Danny Mayer
2018-10-14 02:19:44 UTC
Permalink
Sorry for the delay in responding. No, it doesn't work right now. I did
test this out several years ago but the problem with SHA2 is the length
of the resultant hash. There's no problem creating and sending such a
MAC but the other side needs to be changed to be able to properly handle
the resulting MAC. There are plans to change the code to properly deal
with this and other types of hashing algorithms.

Danny
Post by Sharma12, Sachin
Hi,
We are using ntp-4.2.6p5-28.el7, Please let us know whether the NTP support SHA2 with FIPS enable and disable?
If not then please let us know when NTP support for SHA2 in future release?
Regards
Sachin
_______________________________________________
questions mailing list
http://lists.ntp.org/listinfo/questions
Sharma12, Sachin
2018-10-15 05:08:01 UTC
Permalink
++shagun

-----Original Message-----
From: Danny Mayer <***@ntp.org>
Sent: Sunday, October 14, 2018 7:50 AM
To: Sharma12, Sachin <***@harman.com>; ***@lists.ntp.org
Subject: [EXTERNAL] Re: [ntp:questions] NTP Support SHA2 or not

Sorry for the delay in responding. No, it doesn't work right now. I did test this out several years ago but the problem with SHA2 is the length of the resultant hash. There's no problem creating and sending such a MAC but the other side needs to be changed to be able to properly handle the resulting MAC. There are plans to change the code to properly deal with this and other types of hashing algorithms.

Danny
Post by Sharma12, Sachin
Hi,
We are using ntp-4.2.6p5-28.el7, Please let us know whether the NTP support SHA2 with FIPS enable and disable?
If not then please let us know when NTP support for SHA2 in future release?
Regards
Sachin
_______________________________________________
questions mailing list
https://clicktime.symantec.com/a/1/VTHNJCbzl-o2p5sn0oSkA0HyEi2HFWS2HHv
oHGkzu28=?d=Fb4bsvrUiOqa_OoiDbk1MKQ9TaxZU-ZK6tfS1Ga1LwuvLMBkfzc0WIgmz9
e7ERpsB8YdjFQe7HTlTzJJrOGA31q11x7Grb-K85NxydQgfhJ9HRskbq13uU7FrIrdqsyh
XOTtX0ZhmN8E6DzQpYyPME2hTgkIkv4leQQxPvhvTd2PAobBmvPAdqQvgtBnlNpTa0_YiZ
cjBZjO7LL0bb6bdK4FZqz8wpFDwC54vvNDj3RkThKC3udeHPXC8IRR3Q_ZiZTxlHDF6Prn
nAB2tXzhWH0YAYVUaxENY4D0jutk7kWiu-lDg1mtg9AoX5N3C3KyOdpQVu3LIzomdeWy6x
ysc0UOMHE1wrCqKt2JZcLjoss5Xx4mvPiDMAk%3D&u=http%3A%2F%2Flists.ntp.org%
2Flistinfo%2Fquestions
Miroslav Lichvar
2018-10-15 11:48:37 UTC
Permalink
Post by Danny Mayer
Sorry for the delay in responding. No, it doesn't work right now. I did
test this out several years ago but the problem with SHA2 is the length
of the resultant hash. There's no problem creating and sending such a
MAC but the other side needs to be changed to be able to properly handle
the resulting MAC. There are plans to change the code to properly deal
with this and other types of hashing algorithms.
I think that may already have been implemented. Recent ntp versions
seem to truncate long MACs to 160 bits, so it should work with any
hash function supported by openssl. However, ntp-4.2.6p5-28.el7 from
RHEL/CentOS doesn't support it.
Post by Danny Mayer
Danny
Post by Sharma12, Sachin
Hi,
We are using ntp-4.2.6p5-28.el7, Please let us know whether the NTP support SHA2 with FIPS enable and disable?
If not then please let us know when NTP support for SHA2 in future release?
--
Miroslav Lichvar
Loading...