B
MD5 Authentication and NTP Broadcast Mode
B.1 Introduction to MD5
MD5 is a security protocol that can be used to authenticate NTP
Symmetricom’s version of MD5 is compatible with all versions of NTP client software furnished by Dr. David Mills at the University of Delaware. MD5 was drafted into a standard by the MIT Laboratory for Computer Science and RSA Security, Inc. MD5 authentication means the information within the NTP packet is guaranteed to be unaltered and from a user having privileged access. Unlike other cryptographic ciphers, MD5 does not hide the data within the packet. The MD5 authenticated NTP packet is still readable. This means MD5 is faster to generate than other cryptographic protocols, and as Dr. Mills notes, there is no reason to hide the actual time from anyone. Further, MD5 does not suffer from any export restrictions. You could think of MD5 as a very sophisticated NTP data checksum that is calculated over the data, socket address, and a private key of an NTP time packet. It is extremely difficult to reverse-generate.
The MD5 cryptographic key identifier and cryptographic message digest are appended to the end of a normal NTP packet and the two pieces of information are referred to together as an MD5 signature. The key identifier is the first field in the signature, and it is a
An MD5 key is an ASCII alpha/numeric character string that is from 1 to 32 characters in length. The key is most secure when all 32 characters are filled with numbers and letters chosen at random. The ASCII key string is combined with the NTP packet data and results in a secure message digest.
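The following is an added example, not taken from this manual or from Symmetricom's software, showing how a key identifier and MD5 digest are appended to an NTP packet and checked by the receiver while the packet itself stays readable. It assumes the standard NTP symmetric-key layout of RFC 5905 (a 32-bit key identifier followed by a 16-byte digest computed over the key and then the 48-byte header); the key string, key identifier and packet bytes are constructed sample values.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48   # NTP header, sent in the clear
DIGEST_LEN = 16   # MD5 output size in bytes

def sign(packet, key_id, key):
    """Append the key identifier and MD5 digest to a 48-byte NTP header."""
    if len(packet) != HEADER_LEN:
        raise ValueError("expected a 48-byte NTP header")
    if not 1 <= len(key) <= 32:
        raise ValueError("key must be 1 to 32 characters")
    digest = hashlib.md5(key + packet).digest()   # assumed order: key, then packet
    return packet + struct.pack("!I", key_id) + digest

def verify(signed, keys):
    """Return True only if the digest matches under a key the receiver holds."""
    if len(signed) != HEADER_LEN + 4 + DIGEST_LEN:
        return False
    packet, trailer = signed[:HEADER_LEN], signed[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", trailer[:4])
    key = keys.get(key_id)
    if key is None:                    # unknown key identifier: reject
        return False
    expected = hashlib.md5(key + packet).digest()
    return hmac.compare_digest(expected, trailer[4:])   # constant-time compare

def tampered(signed):
    """Flip one bit inside the transmit timestamp (bytes 40-47 of the header)."""
    buf = bytearray(signed)
    buf[40] ^= 0x01
    return bytes(buf)

# Constructed sample data: a 32-character key and a broadcast-mode header
# (first byte 0x1D = LI 0, version 3, mode 5; stratum 1; poll 6; precision -20).
KEYS = {1: b"q7Zr2LmX9aTc4VbN8sKd3HfY6wPe5JgU"}
PACKET = struct.pack("!BBbb", 0x1D, 1, 6, -20) + bytes(44)
SIGNED = sign(PACKET, 1, KEYS[1])

if __name__ == "__main__":
    print("header still readable:", SIGNED[:HEADER_LEN] == PACKET)
    print("genuine packet accepted:", verify(SIGNED, KEYS))
    print("altered packet accepted:", verify(tampered(SIGNED), KEYS))
    print("wrong key accepted:", verify(SIGNED, {1: b"wrongkey"}))
```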
TimeVault™ User’s Manual