Kurt Roeckx <k...@roeckx.be>:
> So I want to clarify this a little. As far as I know MD5 is actually
> broken for preimage resistance, but it's only slightly faster than
> bruce force. For SHA-1 it's only a reduced version that's broken. In
> the long run you should not trust them, but I don't think there is a
> reason to panic (if only preimage resistance is important).
>
> I have no idea how it's used in NTP. But I understand it's some
> kind of shared password? You should clearly look in how it's being
> used and if that actually makes sense. Maybe it needs more than
> just replacing the hash algorithm.
I'm not fully qualified to do that audit. Daniel Franke is.
Daniel? Can we get an opinion from our expert?
--
<a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
