MD5 considered harmful

Keegan Holley keegan.holley at
Fri Jan 27 23:46:41 UTC 2012

2012/1/27 Jeff Wheeler <jsw at>:
> On Fri, Jan 27, 2012 at 6:35 PM, Keegan Holley
> <keegan.holley at> wrote:
>> realizes that it's ok to let gig-e auto-negotiate.  I've never really
>> seen MD5 cause issues.
> I have run into plenty of problems caused by MD5-related bugs.
> 6500/7600 can still figure the MSS incorrectly when using it.  It used
> to be possible for that particular box to send over-sized frames out
> Ethernet ports with MD5 enabled, which of course were likely to be
> dropped by the neighboring router or switching equipment (perhaps even
> carrier Ethernet equipment.)  Obviously that can be a chore to
> troubleshoot.
> Sometimes we choose to use it.  Sometimes we don't.
> --

Bugs are a different argument though.  If you could call something
harmful because a single vendor codes it wrong, there would be far
fewer Windows users in the world. (I know it's Friday, but please no
one change the subject to OSes.)
