[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail

Erwann ABALEA erwann at abalea.com
Tue Sep 6 01:46:43 PDT 2011


On 6 Sept. 2011 10:28, "ArkanoiD" <ark at eltex.net> wrote:
>
> BTW are default NTP setups in major OS distributions secure out of the
> box?

No. But the vast majority of public NTP servers are unauthenticated anyway.
That said, the "security" of NTP is confusing: MD5, 512-bit RSA keys,
private key formats with private elements set to 1 to transport public keys,
and it's difficult to achieve sub-millisecond accuracy with RSA signing
time, so it's done differently.
Some people even consider themselves safe because they have an NTP box
listening to GPS signals, ignoring that they can be spoofed.