[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail
Erwann ABALEA
erwann at abalea.com
Tue Sep 6 01:46:43 PDT 2011
On 6 Sept. 2011 10:28, "ArkanoiD" <ark at eltex.net> wrote:
>
> BTW are default NTP setups in major OS distributions secure out of the
> box?
No. But the vast majority of public NTP servers are unauthenticated anyway.
That said, the "security" of NTP is confusing: MD5, 512-bit RSA keys,
private key formats with private elements set to 1 to transport public keys,
and it's difficult to achieve sub-millisecond accuracy with RSA signing
time, so it's done differently.
Some people even consider themselves safe because they have an NTP box
listening to GPS signals, ignoring that they can be spoofed.
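
Added example, not part of the original message: a defender-side check that classifies an NTP packet as unauthenticated or symmetric-key authenticated. It assumes the RFC 5905 symmetric-key layout (48-byte header, then a 4-byte key ID and a digest computed over key || header); the function names, key table and sample packet are constructed for illustration, and Autokey/extension fields are not parsed.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48                       # fixed NTP header length (RFC 5905)
DIGEST_BY_LEN = {16: "md5", 20: "sha1"}   # digest size in bytes -> algorithm

def sample_header() -> bytes:
    """Constructed server reply header: LI=0, VN=4, Mode=4, stratum 2."""
    return struct.pack("!BBbb11I", 0x24, 2, 6, -20, *([0] * 11))

def sign(header: bytes, key_id: int, key: bytes, algo: str = "md5") -> bytes:
    """Append key ID and keyed digest (digest over key || header)."""
    digest = hashlib.new(algo, key + header).digest()
    return header + struct.pack("!I", key_id) + digest

def classify(packet: bytes, keys: dict) -> str:
    """Return the authentication status of one NTP packet."""
    if len(packet) < NTP_HEADER_LEN:
        return "malformed"
    header, trailer = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    if not trailer:
        return "unauthenticated"          # what most public servers send
    if len(trailer) == 4:
        return "crypto-nak"               # key ID only, no digest
    algo = DIGEST_BY_LEN.get(len(trailer) - 4)
    if algo is None:
        return "unsupported-trailer"      # extension fields are not parsed here
    key_id = struct.unpack("!I", trailer[:4])[0]
    key = keys.get(key_id)
    if key is None:
        return "unknown-key"
    expected = hashlib.new(algo, key + header).digest()
    # Constant-time comparison so the check itself leaks nothing about the MAC
    return "authenticated" if hmac.compare_digest(expected, trailer[4:]) else "bad-mac"

KEYS = {1: b"constructed-shared-secret"}  # constructed key table

if __name__ == "__main__":
    hdr = sample_header()
    print(classify(hdr, KEYS))
    print(classify(sign(hdr, 1, KEYS[1]), KEYS))
```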