Subject: What mode does NTP use DES -or- whence the IV?
To: None <,,>
From: Michael C. Richardson <>
List: tech-net
Date: 12/28/1998 19:00:23
  I have been looking at reimplementing the authdes.c that is in xntp's
libntp. Given an exportable (from Canada) libdes, authdes.c appears to
be trivial, and it would be the first "product" from the intl tree that I'm
working on.

  Yes, I know that NTP version 4 does not have any export restrictions.
Probably, I'll try and import it afterwards. For now, this is just
annoying me since it should be trivial to do this.

  I'm just caught on a couple of unclear points:

	- it appears that DESauth_subkeys just needs to call des_set_key.
	It isn't clear if the "decryptkeys" are ever actually used.

	- DESauth_des claims that it should be in CBC mode. However, the
	use in the code that calls it, and the pseudo-code on page 64 of
	RFC1305 seems to suggest that chaining is done in the pseudo code. 

	- In either case, it isn't clear from rfc1305 what the IV should be.

   :!mcr!:            |  Network and security consulting/contract programming
   Michael Richardson |         Firewalls, TCP/IP and Unix administration
	ON HUMILITY: To err is human, to moo bovine.