4a219ecbf1
An analysis by Tim Ruffing [1] shows that a length extension attack adding valid extension fields to NTPv4 packets is possible with some specific key lengths and hash functions using little-endian length like MD5 and RIPEMD160. chronyd currently doesn't process or generate any extension fields, but it could be a problem in future when a non-authentication extension field is supported. Drop support for all RIPEMD functions as they don't seem to be secure in the context of the NTPv4 MAC. MD5 is kept only for compatibility. [1] https://mailarchive.ietf.org/arch/msg/ntp/gvibuB6bTbDRBumfHNdJ84Kq4kA |
||
|---|---|---|
| .. | ||
| chrony.conf.adoc | ||
| chronyc.adoc | ||
| chronyd.adoc | ||
| faq.adoc | ||
| installation.adoc | ||
| Makefile.in | ||