MD5 considered harmful

David Barak thegameiam at
Tue Jan 31 16:40:54 UTC 2012

From: harbor235 <harbor235 at>

> Also, It does not matter how many attempts compromising a BGP session
> occurs, it only takes one, so why not nail it down.

Because downtime is a security issue too, and MD5 is more likely to contribute to downtime (either via lost password, crypto load on CPU, or other) than the problem it purports to fix.  The goal of a network engineer is to move packets from A -> B.  The goal of a security engineer is to keep that from happening.  A business needs to weigh the cost and benefit of any given approach, and MD5 BGP auth does not come out well in the of situations.

David Barak

Need Geek Rock? Try The Franchise:

More information about the NANOG mailing list