I got some clarification from Engineering. They confirmed that the supported key length is up to 32 characters for HMAC-SHA256. They are researching a plan to change support key lengths of 64.
-- David
Router(config)#ntp authentication-key ...
Roger:
This is very interesting. I will pass it along to engineering. I did get some feedback from the developers,
"All NTP authentication methods are disabled by default. They can be enabled by the user when needed.
Users have the option to use SH...
I think we need to see standardization for other HMACs that are secure. See especially the following extension to NTPv4:
Message Authentication Code for the Network Time Protocoldraft-ietf-ntp-mac-06
which provides definitions for AES-CMAC and SHA256...