Re: [chrony-dev] replace md5 with SHA



One point is to use the standard (i.e. the one Lichvar already set up, and presumably works) to make sure that things work with that. If not there must be some problem with the communication between your servers and clients. Then, when you have that working, you can then try your own version of sha. If it now does not work, you have isolated the problem to your implementation. Right now you have no idea if the problem is with your implementation, or with
the communication with server. I.e., right now worrying about how you are going
to package this in the smallest package is not a worthwhile worry. How to get
things to work is what you need to do now.

William G. Unruh   |  Canadian Institute for|     Tel: +1(604)822-3273
Physics&Astronomy  |     Advanced Research  |     Fax: +1(604)822-5324
UBC, Vancouver,BC  |   Program in Cosmology |     unruh@xxxxxxxxxxxxxx
Canada V6T 1Z1     |      and Gravity       |  www.theory.physics.ubc.ca/

On Sun, 12 Jun 2016, Earlence Fernandes wrote:


I'm using the wolf SSL implementation of sha1. I've compiled in wolf SSL. The ntp server is ntp
classic on Ubuntu. I had first tested md5 to make sure I have setup things correctly. Then I
switched the server to use sha1. I don't want tomcrypt coz I already have wolf SSL on my diy
embedded system and flash space is of utmost importance.

Earlence

On Jun 12, 2016 12:09 AM, "Bill Unruh" <unruh@xxxxxxxxxxxxxx> wrote:
      The hash HAS to be shared  between server and client. Are you sure that the
      servers you are trying to use understand sha? (and are you sure that your own
      sha actually correctly implements the algorithm?-- How?)
      And why would you not want to use a version which has been well tested?
      You decide to do something on your own and then shout for help when you fall
      off the cliff and of course have given virtually no information about the route
      you have taken.

      Perhaps if you were to give the reasons why you would want to do this people
      could help you accomplish your goals instead of rescuing you from unknown
      troubles.


      William G. Unruh   |  Canadian Institute for|     Tel: +1(604)822-3273
      Physics&Astronomy  |     Advanced Research  |     Fax: +1(604)822-5324
      UBC, Vancouver,BC  |   Program in Cosmology |     unruh@xxxxxxxxxxxxxx
      Canada V6T 1Z1     |      and Gravity       |  www.theory.physics.ubc.ca/

      On Sat, 11 Jun 2016, Earlence Fernandes wrote:

            I am trying to replace MD5 hashing with SHA1 hashing, but I don't want
            to take a dependency on
            libtomcrypt.
            I got my own SHA1 standalone file similar to what chronyd does now for
            MD5.

            I modified configure to set HASH_OBJ="hash_intsha.o"

            where hash_intsha.c is my source file.

            In that file, I have basically copied the structure of hash_intmd5 but
            replaced it with calls
            to my own SHA routines (of course, changing the sha size from 16 to 20
            by 160bit SHA1)

            I compile this stuff with sechash disabled and --without-tomcrypt. 

            However, the daemon cannot get the time. It runs for a while, and then
            exits with "No suitable
            source for sync.." (I run it with chronyd -q)

            I had tested chronyd with MD5 and my own NTP server which serves auth
            packets, and it worked
            fine. Now I've changed everything to SHA like the above, but it does
            not work. Any ideas why?

            -Earlence
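
The two checks raised in this thread (does the standalone SHA1 match a known answer, and do both ends agree on the digest) can be run offline as below. This is an added example, not code from the thread or from chrony; it assumes the usual NTP symmetric-key layout (48-byte header, 4-byte key ID, then the digest of key followed by header), and all function names, keys and the sample header are constructed for illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48                             # NTP header without extension fields
ALGO_BY_MAC_LEN = {20: "md5", 24: "sha1"}   # 4-byte key ID + 16/20-byte digest
# Published SHA-1 test vector for the message "abc"; a standalone SHA-1
# routine must reproduce it before it is used for packet authentication.
SHA1_ABC = "a9993e364706816aba3e25717850c26c9cd0d89d"

def sha1_known_answer():
    """True if the SHA-1 routine under test (here hashlib) matches the vector."""
    return hashlib.sha1(b"abc").hexdigest() == SHA1_ABC

def ntp_digest(algo, key, header):
    """Digest of the shared key followed by the NTP header."""
    return hashlib.new(algo, key + header).digest()

def sign(header, key_id, algo, key):
    """Append key ID and digest, as the sending side would."""
    return header + struct.pack("!I", key_id) + ntp_digest(algo, key, header)

def verify(packet, keys):
    """Return (ok, reason) for a received packet; keys maps id -> (algo, key)."""
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    algo = ALGO_BY_MAC_LEN.get(len(mac))
    if algo is None:
        return False, "unexpected MAC length %d" % len(mac)
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in keys:
        return False, "unknown key ID %d" % key_id
    key_algo, key = keys[key_id]
    if key_algo != algo:
        return False, "key %d is %s but MAC has %s length" % (key_id, key_algo, algo)
    if not hmac.compare_digest(mac[4:], ntp_digest(algo, key, header)):
        return False, "digest mismatch"
    return True, "ok"

# Constructed sample data: client-mode header (LI=0, VN=4, mode=3) and keys.
HEADER = b"\x23" + bytes(47)
KEYS = {1: ("md5", b"constructed-md5-key"), 2: ("sha1", b"constructed-sha1-key")}

if __name__ == "__main__":
    print(sha1_known_answer())
    print(verify(sign(HEADER, 2, "sha1", KEYS[2][1]), KEYS))   # both ends on SHA1
    print(verify(sign(HEADER, 2, "md5", KEYS[2][1]), KEYS))    # one end still on MD5
```

The third call reproduces the mismatch case: a key configured as SHA1 on one end while the other end still emits a 16-byte digest is rejected before any digest comparison.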



