MD5 considered harmful

David Barak thegameiam at yahoo.com
Tue Jan 31 10:40:54 CST 2012


From: harbor235 <harbor235 at gmail.com>

> Also, It does not matter how many attempts compromising a BGP session
> occurs, it only takes one, so why not nail it down.

Because downtime is a security issue too, and MD5 is more likely to contribute to downtime (either via lost password, crypto load on CPU, or other) than the problem it purports to fix.  The goal of a network engineer is to move packets from A -> B.  The goal of a security engineer is to keep that from happening.  A business needs to weigh the cost and benefit of any given approach, and MD5 BGP auth does not come out well in the of situations.

David Barak

Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com


More information about the NANOG mailing list