Symmetricom Time Server User Manual

Page 114


B-100

TimeVault™ User’s Manual

6000-100AppB.fm Rev. D

Appendix B: MD5 Authentication and NTP Broadcast Mode

Introduction to MD5

The MD5 message digest is 16 bytes long and follows the key identifier in the
signature. A server authenticates an NTP packet from a client by first looking up the key
referenced by the key identifier. It then generates an MD5 message digest from the
key and the NTP data and compares the result to the MD5 message digest in the client
packet. If the two match, an NTP reply packet is generated with a new
MD5 signature. If the MD5 message digests do not agree, the Symmetricom server
ignores the NTP client packet.

To use NTP Broadcast mode, you also need the following information:

• Maximum number of user definable MD5 keys in the “ntp.keys” file: 24

• Maximum number of trusted keys that can be defined in an “ntp.conf” file: 20

• Maximum number of keys that can be used in NTP broadcast mode: 20

• Maximum text length of MD5 key value in “ntp.keys” file: 32 ASCII characters
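The lookup-and-compare check described above, together with the key-file limits just listed, as an added Python example (not code from the manual or from the Symmetricom firmware). It assumes the digest is MD5 over the key followed by the 48-byte NTP header and that key lines read "<key id> M <value>"; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

MAX_KEYS = 24       # limit from the manual: keys in "ntp.keys"
MAX_KEY_LEN = 32    # limit from the manual: ASCII characters per key value
HEADER_LEN = 48     # NTP header without the signature
SAMPLE_KEYS = "# constructed sample\n1 M tick-tock\n2 M another-key\n"
SAMPLE_HEADER = bytes([0x1B]) + bytes(47)   # constructed: NTP v3, client mode


def load_keys(text):
    """Parse key lines (assumed layout: '<key id> M <ASCII value>')."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3 or fields[1].upper() != "M":
            raise ValueError(f"not an MD5 key line: {line!r}")
        key_id, value = int(fields[0]), fields[2].encode("ascii")
        if len(value) > MAX_KEY_LEN:
            raise ValueError(f"key {key_id} exceeds {MAX_KEY_LEN} characters")
        keys[key_id] = value
    if len(keys) > MAX_KEYS:
        raise ValueError(f"more than {MAX_KEYS} keys defined")
    return keys


def sign(header, key_id, key):
    """Append the key identifier and the 16-byte MD5 digest to the header."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet, keys):
    """Return True only if the digest matches the key the packet names."""
    if len(packet) != HEADER_LEN + 4 + 16:
        return False                    # unsigned or malformed: ignore
    header, digest = packet[:HEADER_LEN], packet[HEADER_LEN + 4:]
    key_id = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + 4])[0]
    key = keys.get(key_id)
    if key is None:
        return False                    # unknown key identifier: ignore
    expected = hashlib.md5(key + header).digest()
    return hmac.compare_digest(expected, digest)   # constant-time compare
```
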

For more technical information on MD5, see the MD5 RFC-1321, NTP RFC-1305, and
the release notes for the NTP client software available from Dr. David Mills’ web site
at the University of Delaware, at the following Internet addresses:

http://www.eecis.udel.edu/~ntp
or
http://www.eecis.udel.edu/~ntp/software.html

All RFCs are published with approval of the Internet Activities Board and can be found on the
Internet by running any search engine and typing “RFC” in the search field (or “RFC-####” if
you have the number). Two such search engines can be found at the following Internet addresses:

http://www.lycos.com/

http://www.altavista.com/
