MD5 proliferation statistics

Steve Gibbard scg at
Thu May 6 18:03:37 UTC 2004

Packet Clearing House has routers at several exchange points, which we
use to collect local snapshots of the routes available at the exchanges.
To do this, we peer with as many of the participants at each exchange as
possible.  We're mainly just collecting data, so route flaps aren't a huge
problem for us.  We haven't been tracking down existing peers and asking
them to configure MD5 passwords on the sessions.  We have been configuring
MD5 passwords on sessions when asked, so we've got MD5 configured with
peers who have asked for it, but not with peers who haven't.

As of Tuesday night, we had 244 peering sessions, of which 24 had MD5
configured.  We configured MD5 on four more sessions yesterday, bringing
the total to 28, and have one request that hasn't been completed yet, for
a total of 29.

29 out of 244 is roughly 12%.

I'm going to make two broad assumptions here: that those peers who have
configured MD5 with us have configured MD5 with all their peers, and that
those who haven't configured MD5 with us have been asked to by 12% of
their peers.  I'm further going to assume that peers consistently
configure MD5 when asked to, although I suspect that's a really bad

Therefore, we can assume that 12% of ISPs have all their peers configured
with MD5, and that the remaining 88% have 12% of their peers configured
with MD5, for a total of 22% of peering sessions having MD5 passwords.

I strongly suspect my assumption about the responsiveness of peers is
wrong, and that the real number is somewhere between 12% and 22%.  It's
also possible that my sample isn't representative enough, which would lead
to further problems with accuracy.

I'm curious as to what sorts of response rates those who have been
actively contacting peers to ask for MD5 configuration have been getting,
as well as whether other networks that have not been being proactive about
this have been seeing contact rates similar to ours.

-Steve Gibbard
Packet Clearing House
