[Bug 1039420] Re: NTP security vulnerability because not using authentication by default
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Oct 22 15:12:34 UTC 2014
Unfortunately, ntp autokey is broken and insecure, it can't be used to
provide any additional security.
http://zero-entropy.de/autokey_analysis.pdf
The only solution for the moment is for system administrators to set up
their own symmetric keys with their own ntp server.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1039420
Title:
NTP security vulnerability because not using authentication by default
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1039420/+subscriptions
More information about the Ubuntu-server-bugs
mailing list