MD5 considered harmful

Christopher Morrow morrowc.lists at gmail.com
Fri Jan 27 15:21:49 CST 2012


On Fri, Jan 27, 2012 at 3:52 PM, Patrick W. Gilmore <patrick at ianai.net> wrote:
> MD5 on BGP sessions is the canonical example of a cure worse than the disease.  There has been /infinitely/ more downtime caused by MD5 than the mythical attack it protects again.  (This is true because anything times zero is still zero.)
>

I don't disagree with patrick here... but 'infinitely more', is hard
to measure :) "Most likely there have been far more lengthy outages
due to lost/changed/incorrect key material than were caused by the
problem this is meant to solve for."

-chris

> It is



More information about the NANOG mailing list