Hal Murray via devel writes: > Eric said: >> What could we say, other than: "Both MD5 and SHA-1 have been compromised. >> Don't trust either of the alternatives we actually support." :-) > > We support anything OpenSSL supports. It's just that ntpkeygen and all the > documentation hides it. > > From man dgst on Fedora: > openssl-dgst, dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, > sha512, md4, md5, blake2b, blake2s - message digests > > One of those must be good enough.
Whatever you use, it's still a fixed key that resides in clear text in some file that (hopefully) only root can read. Plus it must be distributed onto all machines that are expected to trust each other. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Factory and User Sound Singles for Waldorf rackAttack: http://Synth.Stromeko.net/Downloads.html#WaldorfSounds _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
