MD5 considered harmful

Grzegorz Janoszka Grzegorz at Janoszka.pl
Fri Jan 27 16:11:50 CST 2012


On 27-01-12 21:52, Patrick W. Gilmore wrote:
> Who would want to reset a BGP that will come back up in 30-90 seconds when you can packet an entire router off the 'Net easier, more quickly, and for a longer period?

+1

Actually, when you have a lot of MD5 BGP sessions coming up at the same
time (a connection to internet exchanges went up), you have longer
convergence time because of higher CPU load. MD5 offers no security
advantages and in some cases it causes more downtime by slowing down
convergence.

-- 
Grzegorz Janoszka


