faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
chrony/test
History
Miroslav Lichvar 4a219ecbf1 hash: drop support for RIPEMD hash functions 
An analysis by Tim Ruffing [1] shows that a length extension attack
adding valid extension fields to NTPv4 packets is possible with some
specific key lengths and hash functions using little-endian length like
MD5 and RIPEMD160.

chronyd currently doesn't process or generate any extension fields, but
it could be a problem in future when a non-authentication extension
field is supported.

Drop support for all RIPEMD functions as they don't seem to be secure in
the context of the NTPv4 MAC. MD5 is kept only for compatibility.

[1] https://mailarchive.ietf.org/arch/msg/ntp/gvibuB6bTbDRBumfHNdJ84Kq4kA
2019-09-24 11:32:31 +02:00
..
compilation test: add sanitizers test 2018-08-24 18:09:29 +02:00
kernel test: add tests for system adjtime() and ntp_adjtime() 2015-09-17 10:56:51 +02:00
simulation test: disable server on client-only nodes by default 2019-09-12 14:51:12 +02:00
system test: use env in shebang of system tests 2019-04-26 10:54:02 +02:00
unit hash: drop support for RIPEMD hash functions 2019-09-24 11:32:31 +02:00