5.1 Security Considerations for Implementers

The cryptographic hash utilized in the Server NTP Response message and associated processing is calculated using the Netlogon Remote Protocol (as specified in [MS-NRPC]) message protection methods. The methods use the MD5 algorithm, which is considered vulnerable to brute-force collision attacks. For more information on MD5 collisions, see [MD5Collision]. For this reason, clients and servers prefer the use of the ExtendedAuthenticator message formats (see sections 2.2.3 and 2.2.4).

NTP Authentication Extensions authenticate messages but do not guarantee that their contents are valid. For example, when the NTP server's own clock is misconfigured, the server sends an authenticated response that carries an invalid time. Such a response could cause the client to synchronize to an invalid time. The client therefore checks the time difference between itself and the server, and synchronizes only if that difference falls within some reasonable range.<29>
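The plausibility check described above, as an added example that is not part of [MS-SNTP] or of any Windows implementation: a client computes the clock offset from the four NTP timestamps (T1 originate, T2 receive, T3 transmit, T4 destination) and refuses to step its clock when the offset exceeds a configured bound. The bound `max_offset_s` is an assumed value; the specification only says "some reasonable range". The timestamps are constructed sample data.

```python
"""Added example (not from [MS-SNTP]): client-side sanity check on an NTP response.

An authenticated response proves who sent it, not that the time inside it is
correct, so the client still bounds the correction it is willing to apply.
"""
from dataclasses import dataclass

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_EPOCH_OFFSET = 2208988800


def ntp_to_unix(ntp_ts: int) -> float:
    """Convert a 64-bit NTP timestamp (32-bit seconds, 32-bit fraction) to Unix seconds."""
    seconds = ntp_ts >> 32
    fraction = ntp_ts & 0xFFFFFFFF
    return seconds - NTP_EPOCH_OFFSET + fraction / 2**32


def unix_to_ntp(unix_s: float) -> int:
    """Inverse of ntp_to_unix, for building sample timestamps."""
    whole = int(unix_s)
    seconds = whole + NTP_EPOCH_OFFSET
    fraction = int((unix_s - whole) * 2**32)
    return (seconds << 32) | fraction


def clock_offset(t1: float, t2: float, t3: float, t4: float) -> float:
    """Standard NTP clock offset: ((T2 - T1) + (T3 - T4)) / 2, in seconds."""
    return ((t2 - t1) + (t3 - t4)) / 2


def round_trip_delay(t1: float, t2: float, t3: float, t4: float) -> float:
    """Standard NTP round-trip delay: (T4 - T1) - (T3 - T2), in seconds."""
    return (t4 - t1) - (t3 - t2)


@dataclass
class SyncDecision:
    offset: float      # computed correction, seconds (positive = client is behind)
    delay: float       # round-trip delay, seconds
    accepted: bool     # whether the client should apply the correction
    reason: str


def evaluate_response(t1: float, t2: float, t3: float, t4: float,
                      max_offset_s: float = 300.0) -> SyncDecision:
    """Decide whether to apply the correction implied by one NTP exchange.

    max_offset_s is an assumed bound (the spec leaves the range to the implementer).
    A negative delay is physically impossible and indicates a bad exchange, so it is
    rejected regardless of the offset.
    """
    offset = clock_offset(t1, t2, t3, t4)
    delay = round_trip_delay(t1, t2, t3, t4)
    if delay < 0:
        return SyncDecision(offset, delay, False, "negative round-trip delay")
    if abs(offset) > max_offset_s:
        return SyncDecision(offset, delay, False,
                            f"offset {offset:.3f}s exceeds bound {max_offset_s}s")
    return SyncDecision(offset, delay, True, "offset within bound")


# Constructed sample exchange: a correctly configured server, ~50 ms offset.
GOOD_T1, GOOD_T2, GOOD_T3, GOOD_T4 = 1000.0, 1000.5, 1000.6, 1001.0

# Constructed sample exchange: the same timing, but the server's clock is one day ahead.
BAD_T1, BAD_T2, BAD_T3, BAD_T4 = 1000.0, 1000.5 + 86400, 1000.6 + 86400, 1001.0


def demo() -> tuple[SyncDecision, SyncDecision]:
    """Run both constructed exchanges through the check."""
    return (evaluate_response(GOOD_T1, GOOD_T2, GOOD_T3, GOOD_T4),
            evaluate_response(BAD_T1, BAD_T2, BAD_T3, BAD_T4))


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

In the misconfigured-server case the response would still pass signature verification; only the bound on the offset keeps the client from jumping its clock by a day. Implementations typically also rate-limit how often a large step is even considered, and log the rejection so that a persistently wrong upstream server is noticed.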