
ntp-keygen -M generates keys of 20 characters, yet docs for ntp-keygen state up to 16 characters


jni...@brocade.com

Sep 26, 2011, 7:58:26 PM
All,
I have a very dumb question, regarding what information is correct,
and what is not.
The documentation states that MD5 keys will be less than or equal to 16
characters in length, and consist of printable ASCII characters and
be terminated by whitespace or #. Yet the output of 'ntp-keygen -M',
and the examples shown in the documentation are all 20 characters in
length. Can anyone explain the difference, and what is the correct
length for the md5 keys?
Thanks,
Jason Nixon, Test Engineer, Brocade Communications.

From http://www.eecis.udel.edu/~mills/ntp/html/keygen.html
4th paragraph up from the bottom.
An MD5 key consists of a printable ASCII string less than or equal to
16 characters and terminated by whitespace or a # character. An
OpenSSL key consists of a hex-encoded ASCII string of 40 characters,
which is truncated as necessary.
Yet Figure 1 shows the MD5 keys 1 to 10, with a length of 20
characters.

From http://www.eecis.udel.edu/~mills/ntp/html/authentic.html
Bottom section.
Each line consists of three fields, the key identifier as a decimal
number from 1 to 65,534 inclusive, a key type chosen from the keywords
of the digest option of the crypto command, and a 20-character
printable ASCII string or a 40-character hex string as the key itself.
(Figure 1 again shows the MD5 keys with a length of 20 characters)
Figure 1 shows a typical keys file used by the reference
implementation. In the case of MD5, the key consists of 16 characters
randomized over the ASCII printing codes. The string can be edited
later for a password, for instance as 2late4Me for key ID 10. For
message digest algorithms other than MD5, the key is a 20-octet (40
hex digits) random hex string.

File generated by ntp-keygen -M on my local Linux box:
user@ubuntu-vm:~$ cat ntpkey_md5_ubuntu-vm
# ntpkey_MD5key_ubuntu-vm.3526065526
# Mon Sep 26 15:38:46 2011

1 MD5 Z7b^xp"P"zfV{2hzphB- # MD5 key
2 MD5 07i:z$t2'u>vGXpA|U^' # MD5 key
3 MD5 4|BoCdm;S-A1]a>xrcMJ # MD5 key
4 MD5 <202+D0-6lHe'BR&jJ}z # MD5 key
5 MD5 )"^V3\x$5f?%QB|{uNr& # MD5 key
6 MD5 p`~x<G%fBPMGQimG5%$M # MD5 key
7 MD5 Od'bc4Y6Cq+ls`k>5U{= # MD5 key
8 MD5 !KYuwttcZD"16BUh>^st # MD5 key
9 MD5 U)<bIzJ6Dpe$Af(AQf2* # MD5 key
10 MD5 {tu$EhsRU+CeBcC;jq<_ # MD5 key
11 SHA1 e1db4c6739a9f6c955c6a7bdece5ed7520ae9692 # SHA1 key
12 SHA1 801b3412a573fb87080e5cdde2131a57b9d0670b # SHA1 key
13 SHA1 84f8417f2dcc9a5844fc0e4ab0065de2eac39f48 # SHA1 key
14 SHA1 c2e6d09265fba51f8f4d2fb7c726e3751d429d59 # SHA1 key
15 SHA1 98e929375acd6e0fccda82cf036e10e8a5abfc5f # SHA1 key
16 SHA1 b7fd0547b80a40272a7a75849cb6c9da2a194462 # SHA1 key
17 SHA1 c15c91fd9437d30157ff4af820408e3a1661f8a5 # SHA1 key
18 SHA1 b5e6899011d7662cc2f47aaff96935832fef6822 # SHA1 key
19 SHA1 2b44f1934c089f3ae0fcf36ebced0f8594ed1502 # SHA1 key
20 SHA1 0fc96ae11034e36c7370f94d40b3249d0862e914 # SHA1 key
user@ubuntu-vm:~$

Dave Hart

Sep 26, 2011, 9:30:26 PM
On Mon, Sep 26, 2011 at 23:58, <jni...@brocade.com> wrote:
> The documentation states that MD5 keys will be less than or equal to 16
> characters in length, and consist of printable ASCII characters and
> be terminated by whitespace or #. Yet the output of 'ntp-keygen -M',
> and the examples shown in the documentation are all 20 characters in
> length. Can anyone explain the difference, and what is the correct
> length for the md5 keys?

I hope Dr. Mills will respond directly, but I can tell you what the
code actually does in 4.2.6/4.2.7. For quite some time, MD5 was the
only digest algorithm implemented by ntpd, ntpdc, and ntpq for
symmetric authentication. MD5 digests (hashes) are 16 bytes in
length. Late in the 4.2.5 (ntp-dev) period, the reference
implementation added support for using any digest algorithm your
OpenSSL library provides, when built to use OpenSSL (as is default).
Without OpenSSL, ntpd still provides MD5-only symmetric
authentication. Most of these newly-available-to-ntpd digest
algorithms, such as SHA1, generate 20 byte digests.

The digest size is not the same as the key length, but the two are
related. If there are 20 bytes of digest signing my
SHA1-authenticated NTP traffic, I want at least 20 bytes of key
material to make cracking my key as difficult as possible. The same
goes for MD5, you should want at least 16 bytes of key material,
though more is better.

At the time ntpd and friends began supporting 20-byte digests,
ntp-keygen was changed to generate 20-byte keys, rather than 16.

ntp.keys and ntp-keygen reflect two ways of encoding key material,
directly as ASCII and encoded as hex. The hex encoding can represent
all 8 bits per byte, while the printable/keyable ASCII form
necessarily carries less than 8 bits of information. Note that
ntp.keys is used by ntpd, but not by ntpq nor ntpdc, which require
symmetric authentication of some operations. When configuring
symmetric authentication between ntpd instances, use the more secure
hex output of ntp-keygen. When configuring keys for use by ntpq or
ntpdc, the printable ASCII form should be used, as the same key (in
this context, password) must be typed or pasted to ntpq/ntpdc or
provided on their command line.

When ntpd reads ntp.keys, the length of the provided key material
determines its treatment. If it is 20 characters or less, it is
treated as ASCII and used directly as the binary key material. If it
is 21 characters or more, up to 40 characters are decoded from hex
resulting in up to 20 bytes of binary key material. No matter the
encoding, no more than 20 bytes of key material are used.

Cheers,
Dave Hart
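The length rule Dave describes for ntp.keys (20 characters or fewer is raw ASCII, 21 or more is hex decoded up to 40 digits, never more than 20 bytes used) as an added Python example, not code from the thread or from the ntp distribution. The sample file is constructed; the short-key check encodes Dave's "at least digest-length bytes of key material" advice, and the entropy figure is an upper bound that assumes uniformly random characters.

```python
import math

# Constructed sample in the ntp.keys layout shown in the thread (not the
# poster's actual keys): key id, digest type, key, optional '#' comment.
SAMPLE_KEYS_FILE = """\
# constructed ntp.keys sample
1 MD5 Z7b^xp"P"zfV{2hzphB- # 20-char printable ASCII key
2 MD5 2late4Me # 8-char edited password, as in the docs example
3 SHA1 e1db4c6739a9f6c955c6a7bdece5ed7520ae9692 # 40 hex digits
4 SHA1 e1db4c6739a9f6c955c6a7bdece5ed7520ae9692ffff # 44 hex digits
"""

MAX_KEY_BYTES = 20                    # ntpd uses at most 20 bytes of key material
DIGEST_BYTES = {"MD5": 16, "SHA1": 20}  # digest sizes quoted in the reply


def key_material(field: str) -> bytes:
    """Length rule from the reply: up to 20 chars is ASCII used as-is;
    21 chars or more is hex, of which at most 40 digits are decoded."""
    if len(field) <= MAX_KEY_BYTES:
        return field.encode("ascii")
    # Malformed (odd-length or non-hex) strings raise ValueError here; this
    # example chooses to reject them rather than guess.
    return bytes.fromhex(field[: 2 * MAX_KEY_BYTES])


def parse_keys(text: str) -> dict:
    """Return {key_id: (key_type, key_bytes)} for every key line."""
    keys = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # key ends at whitespace or '#'
        if not line:
            continue
        key_id, key_type, field = line.split()[:3]
        keys[int(key_id)] = (key_type.upper(), key_material(field))
    return keys


def entropy_bits(field: str) -> float:
    """Upper bound on key randomness: a random printable ASCII character
    carries log2(94) ~ 6.55 bits, a random hex digit exactly 4 bits."""
    if len(field) <= MAX_KEY_BYTES:
        return len(field) * math.log2(94)
    return min(len(field), 2 * MAX_KEY_BYTES) * 4


def short_keys(keys: dict) -> list:
    """Key ids with less key material than their digest length, the minimum
    the reply recommends (16 bytes for MD5, 20 for SHA1)."""
    return [kid for kid, (ktype, km) in sorted(keys.items())
            if len(km) < DIGEST_BYTES.get(ktype, MAX_KEY_BYTES)]
```

Running parse_keys on the sample yields 20 bytes for keys 1, 3 and 4 (the extra "ffff" on key 4 is dropped), and short_keys flags only key 2, the edited 8-character password.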
