[time-nuts] Time security musing - attacking the clock itself

Hal Murray hmurray at megapathdsl.net
Tue Dec 4 02:53:26 UTC 2012


albertson.chris at gmail.com said:
> Is NTP not secure.  I know it can be secured but I think in practice people
> disable passwords. 

The default in most distributions and most servers is no crypto.  So it's not 
that anybody disables authentication but doesn't go through all the work to 
enable it.

NIST has an experimental program to use crypto.
  http://www.nist.gov/pml/div688/grp40/auth-ntp.cfm


-- 
These are my opinions.  I hate spam.






More information about the time-nuts mailing list