<P> NTPsec is a fork of the reference implementation that has been systematically security - hardened . The fork point was in June 2015 and was in response to a rash of compromises in 2014; as of 2017, the software is in beta testing . Between removal of unsafe features, removal of support for obsolete hardware, and removal of support for obsolete Unix variants, NTPsec has been able to pare away 60% of the original codebase, making the remainder more auditable . </P> <P> Chrony comes by default in Red Hat distributions and is available in the Ubuntu repositories . Chrony is aimed at ordinary computers, which are unstable, go into sleep mode or have intermittent connection to the Internet . Chrony is also designed for virtual machines, a much more unstable environment . It is characterized by low resource consumption (cost) and supports PTP as well as NTP . It has two main components: chronyd a daemon that is executed when the computer starts and chronyc a command line interface to the user for its configuration . It has been evaluated as very safe and with just a few incidents, its advantage is the versatility of its code, written from scratch to avoid the complexity of code . Chrony is written under GNU General Public License version 2, was created by Richard Curnow in 1997 with others along time and is currently maintained by Miroslav Lichvar, development supported by Red Hat Software . </P> <P> On the day of a leap second event, ntpd receives notification from either a configuration file, an attached reference clock, or a remote server . Because of the requirement that time must appear to be monotonically increasing, a leap second is inserted with the sequence 23: 59: 59, 23: 59: 60, 00: 00: 00 . Although the clock is actually halted during the event, any processes that query the system time cause it to increase by a tiny amount, preserving the order of events . If a negative leap second should ever become necessary, it would be deleted with the sequence 23: 59: 58, 00: 00: 00, skipping 23: 59: 59 . </P> <P> Several security concerns arose in late 2014 . Previously, researchers became aware that NTP servers can be susceptible to man - in - the - middle attacks unless packets are cryptographically signed for authentication . The computational overhead involved can make this impractical on busy servers, particularly during denial of service attacks . NTP message spoofing can be used to move clocks on client computers and allow a number of attacks based on bypassing of cryptographic key expiration . Some of the services affected by fake NTP messages identified are TLS, DNSSEC, various caching schemes (such as DNS cache), BGP, Bitcoin and a number of persistent login schemes . </P>

Which statements are true about simple network time protocol (sntp)