MD5 proliferation statistics

Stephen J. Wilcox steve at telecomplete.co.uk
Fri May 7 09:34:59 UTC 2004



We requested md5 by emailing all our peers several weeks ago; responses have 
been steady.

We have 49% of peering sessions MD5 (that's 43% counted by ASN)

In general, small ISPs and customers have been poor to respond, with large ISPs 
and those operating ticket systems on their peering contact email being the 
best.

We've had very few inbound requests for md5, and of those that we had they 
tended to be from large ISPs.

Steve

On Thu, 6 May 2004, Steve Gibbard wrote:

> Packet Clearing House has routers at several exchange points, which we
> use to collect local snapshots of the routes available at the exchanges.
> To do this, we peer with as many of the participants at each exchange as
> possible.  We're mainly just collecting data, so route flaps aren't a huge
> problem for us.  We haven't been tracking down existing peers and asking
> them to configure MD5 passwords on the sessions.  We have been configuring
> MD5 passwords on sessions when asked, so we've got MD5 configured with
> peers who have asked for it, but not with peers who haven't.
> 
> As of Tuesday night, we had 244 peering sessions, of which 24 had MD5
> configured.  We configured MD5 on four more sessions yesterday, bringing
> the total to 28, and have one request that hasn't been completed yet, for
> a total of 29.
> 
> 29 out of 244 is roughly 12%.
> 
> I'm going to make two broad assumptions here: that those peers who have
> configured MD5 with us have configured MD5 with all their peers, and that
> those who haven't configured MD5 with us have been asked to by 12% of
> their peers.  I'm further going to assume that peers consistently
> configure MD5 when asked to, although I suspect that's a really bad
> assumption.
> 
> Therefore, we can assume that 12% of ISPs have all their peers configured
> with MD5, and that the remaining 88% have 12% of their peers configured
> with MD5, for a total of 22% of peering sessions having MD5 passwords.
> 
> I strongly suspect my assumption about the responsiveness of peers is
> wrong, and that the real number is somewhere between 12% and 22%.  It's
> also possible that my sample isn't representative enough, which would lead
> to further problems with accuracy.
> 
> I'm curious as to what sorts of response rates those who have been
> actively contacting peers to ask for MD5 configuration have been getting,
> as well as whether other networks that have not been being proactive about
> this have been seeing contact rates similar to ours.
> 
> -Steve Gibbard
> Packet Clearing House
> 



