Subject: Re: What mode does NTP use DES -or- whence the IV?
To: Michael C. Richardson <>
From: Dave Mills <>
List: tech-net
Date: 12/29/1998 11:16:13

I have had enough of DES and drat ITAR regulations, which is why I punt
and refer to the RSA Labs rsaref20 package. Also, I regard NTPv3
(xntpd) as a dead horse and that it probablly is not worth it, unless
its your hobby, to monkey with the NTPv3 crypto algorithms. There was
a time some 12 years ago when Phil Karn and I and a few others had some
contest who could write the fastest DES algorithm. Mine was in PDP11
assembly code for the Fuzzball and while elegant not very fast. The
one in the NTPv3 distribution is, I believe, Phil's. Having said that,
I am not thrilled to retravel the tortuous logic that led to the now
discarded crypto interface in that dead horse. So, you are on your own.

Canada, as signatory to CONUS is, I believe, bound to the same ITAR
regulations as the US. If you can export DES and I can't, then I can't
export to you. Since I know for a fact I can, I don't think you can.
Why bother? Finland and Australia have both "re-invented" authdes.c.
The bottom line is that you don't need DES for a cryptographically
secure NTP.