SyncServer S100

The message digest is computed using Message Digest 5 (MD5), the preferred algorithm. An alternative is the Data Encryption Standard in Cipher Block Chaining mode (DES-CBC).

The Message Authentication Code (MAC) is made up of a key identifier, then the message digest. Keys are held in a key cache; the cache is initialized from a private file.

Authentication: NTP v4 Autokey

NTP v4 uses public-key cryptography, meaning all keys are random, and private keys are never revealed. A certificate scheme binds the public key to the server identification. Symmetric-key cryptography uses fixed private keys that must be distributed in advance. The Diffie-Hellman model defines the key agreement, and is required for private random keys.

Public Domain NTP Package

For clients not using the public domain NTP package, the NTP packet is enlarged by 8 bytes to handle the entire cryptochecksum, which is 16 bytes (128 bits) in size as generated by MD5. Since this field is the last in the packet, it should not present any difficulty.

How NTP Defines the Authentication Process

If authentication is enabled, and a valid authentication key identifier and cryptochecksum are received, then the NTP packet is filled in and a new cryptochecksum is computed and added to the packet. The packet is then sent back to the client.
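The MAC layout (key identifier, then message digest) and the verify-then-reply process described above can be sketched as follows. This is an added example, not code from the S100 or from the NTP package; it assumes the RFC 5905 keyed-MD5 construction (digest over the key followed by the 48-byte header), and the key, key identifier and simplified reply header are constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

HEADER_LEN = 48   # fixed NTP header that precedes the MAC
DIGEST_LEN = 16   # MD5 cryptochecksum: 128 bits

# Constructed key cache (key identifier -> secret); the server described
# above initializes its cache from a private file.
KEY_CACHE = {1: b"constructed-demo-key"}


def cryptochecksum(key: bytes, header: bytes) -> bytes:
    """Keyed MD5: digest of the secret key followed by the NTP header."""
    return hashlib.md5(key + header).digest()


def add_mac(header: bytes, key_id: int) -> bytes:
    """Append the MAC: 4-byte key identifier, then the 16-byte digest."""
    if len(header) != HEADER_LEN:
        raise ValueError("expected a 48-byte NTP header")
    digest = cryptochecksum(KEY_CACHE[key_id], header)
    return header + key_id.to_bytes(4, "big") + digest


def verify_mac(packet: bytes) -> Optional[int]:
    """Return the key identifier if the trailing MAC is valid, else None."""
    if len(packet) != HEADER_LEN + 4 + DIGEST_LEN:
        return None
    header = packet[:HEADER_LEN]
    key_id = int.from_bytes(packet[HEADER_LEN:HEADER_LEN + 4], "big")
    key = KEY_CACHE.get(key_id)
    if key is None:                      # unknown key identifier
        return None
    expected = cryptochecksum(key, header)
    # Constant-time comparison, so timing does not leak how many bytes matched.
    if not hmac.compare_digest(expected, packet[-DIGEST_LEN:]):
        return None
    return key_id


def server_reply(request: bytes) -> Optional[bytes]:
    """Authenticate the request, then MAC the reply with the same key."""
    key_id = verify_mac(request)
    if key_id is None:
        return None
    # Simplified reply: only the mode bits change (3 = client, 4 = server);
    # a real server also fills in stratum and timestamps before the MAC.
    reply_header = bytes([(request[0] & 0xF8) | 4]) + request[1:HEADER_LEN]
    return add_mac(reply_header, key_id)
```

A packet with a modified header byte or an unknown key identifier fails `verify_mac`, so `server_reply` returns nothing for it.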

More information

For more about NTP authentication, see both the NTP help available from the S100 web interface and the following site:

http://www.ntp.org

Typical NTP Configuration Considerations

This section provides additional information on using NTP and network configuration. The examples are provided for explanatory purposes only.


S100 User Guide – Rev. D – June 2005

Symmetricom S100 manual Typical NTP Configuration Considerations, Authentication NTP v4 Autokey, Public Domain NTP Package