A security review of three NTP implementations

Post Syndicated from corbet original https://lwn.net/Articles/735211/rss

The Core Infrastructure Initiative commissioned security audits of three
network time protocol (NTP) implementations (ntpd, NTPSec, and Chrony) and
has released the results. “From a security standpoint (and here at the CII we
are security people), Chrony was the clear winner between these three NTP
implementations. Chrony does not have all of the bells and whistles that
ntpd does, and it doesn’t implement every single option listed in the NTP
specification, but for the vast majority of users this will not matter. If
all you need is an NTP client or server (with or without reference clock),
which is all that most people need, then its security benefits most likely
outweigh any missing features.”