MD5 considered harmful

Jeff Wheeler jsw at inconcepts.biz
Fri Jan 27 23:43:06 UTC 2012


On Fri, Jan 27, 2012 at 6:35 PM, Keegan Holley
<keegan.holley at sungard.com> wrote:
> realizes that it's ok to let gig-e auto-negotiate.  I've never really
> seen MD5 cause issues.

I have run into plenty of problems caused by MD5-related bugs.

6500/7600 can still figure the MSS incorrectly when using it.  It used
to be possible for that particular box to send over-sized frames out
Ethernet ports with MD5 enabled, which of course were likely to be
dropped by the neighboring router or switching equipment (perhaps even
carrier Ethernet equipment.)  Obviously that can be a chore to
troubleshoot.

Sometimes we choose to use it.  Sometimes we don't.

-- 
Jeff S Wheeler <jsw at inconcepts.biz>
Sr Network Operator  /  Innovative Network Concepts



