MD5 considered harmful

Jeff Wheeler jsw at
Fri Jan 27 23:43:06 UTC 2012

On Fri, Jan 27, 2012 at 6:35 PM, Keegan Holley
<keegan.holley at> wrote:
> realizes that it's ok to let gig-e auto-negotiate.  I've never really
> seen MD5 cause issues.

I have run into plenty of problems caused by MD5-related bugs.

6500/7600 can still figure the MSS incorrectly when using it.  It used
to be possible for that particular box to send over-sized frames out
Ethernet ports with MD5 enabled, which of course were likely to be
dropped by the neighboring router or switching equipment (perhaps even
carrier Ethernet equipment.)  Obviously that can be a chore to

Sometimes we choose to use it.  Sometimes we don't.

Jeff S Wheeler <jsw at>
Sr Network Operator  /  Innovative Network Concepts
