Appendix B: MD5 Authentication and NTP Broadcast Mode

Introduction to MD5

The MD5 message digest is 16 bytes long and follows the key identifier in the signature. A server authenticates an NTP packet from a client by first looking up the key referenced by the key identifier. It then generates an MD5 message digest from the key and the NTP data and compares the result to the MD5 message digest in the client packet. If the two match, an NTP reply packet is generated with a new MD5 signature. If the MD5 message digests do not agree, the Symmetricom server ignores the NTP client packet.
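The check described above, as an added example that is not part of the original manual and is not Symmetricom's code. It assumes the layout used by the NTP reference implementation (48-byte header, 4-byte key identifier, 16-byte digest computed as MD5 over the key followed by the NTP data, no extension fields); the key table, packets and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48  # fixed NTP header (assumed: no extension fields)
KEY_ID_LEN = 4       # 32-bit key identifier that precedes the digest
DIGEST_LEN = 16      # MD5 message digest length stated in the manual

# Constructed key table standing in for the trusted keys of "ntp.keys".
KEYS = {1: b"constructed-key-1", 2: b"constructed-key-2"}

# Constructed NTP data: first byte sets version 3 and the mode, rest zeroed.
REQUEST = bytes([0x1B]) + bytes(NTP_HEADER_LEN - 1)  # mode 3, client
REPLY = bytes([0x1C]) + bytes(NTP_HEADER_LEN - 1)    # mode 4, server


def md5_digest(key: bytes, ntp_data: bytes) -> bytes:
    # Assumption: the digest covers the key followed by the NTP data.
    return hashlib.md5(key + ntp_data).digest()


def sign(ntp_data: bytes, key_id: int, keys=KEYS) -> bytes:
    """Append the signature: key identifier, then the MD5 digest."""
    return ntp_data + struct.pack("!I", key_id) + md5_digest(keys[key_id], ntp_data)


def verify(packet: bytes, keys=KEYS) -> bool:
    """Server-side check: look up the key by identifier, recompute, compare."""
    if len(packet) != NTP_HEADER_LEN + KEY_ID_LEN + DIGEST_LEN:
        return False  # unsigned or malformed packet
    ntp_data = packet[:NTP_HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + KEY_ID_LEN])
    key = keys.get(key_id)
    if key is None:
        return False  # key identifier is not in the key table
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(md5_digest(key, ntp_data), packet[-DIGEST_LEN:])


def handle_request(packet: bytes, reply_data: bytes = REPLY, keys=KEYS):
    """Return a reply carrying a new signature, or None to ignore the packet."""
    if not verify(packet, keys):
        return None
    (key_id,) = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + KEY_ID_LEN])
    return sign(reply_data, key_id, keys)
```
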

To use NTP Broadcast mode, you also need the following information:

Maximum number of user definable MD5 keys in the “ntp.keys” file: 24

Maximum number of trusted keys that can be defined in an “ntp.conf” file: 20

Maximum number of keys that can be used in NTP broadcast mode: 20

Maximum text length of MD5 key value in “ntp.keys” file: 32 ASCII characters

For more technical information on MD5, see the MD5 RFC-1321, the NTP RFC-1305, and the release notes for the NTP client software available from Dr. David Mills’ web site at the University of Delaware, at the following Internet addresses:

http://www.eecis.udel.edu/~ntp or

http://www.eecis.udel.edu/~ntp/software.html

All RFCs are published with the approval of the Internet Activities Board and can be found on the Internet by running any search engine and typing “RFC” in the search field (or “RFC-####” if you have the number). Two such search engines can be found at the following Internet addresses:

http://www.lycos.com/

http://www.altavista.com/


TimeVault™ User’s Manual

6000-100AppB.fm Rev. D
