MD5 considered harmful
thegameiam at yahoo.com
Tue Jan 31 10:40:54 CST 2012
From: harbor235 <harbor235 at gmail.com>
> Also, It does not matter how many attempts compromising a BGP session
> occurs, it only takes one, so why not nail it down.
Because downtime is a security issue too, and MD5 is more likely to contribute to downtime (either via lost password, crypto load on CPU, or other) than the problem it purports to fix. The goal of a network engineer is to move packets from A -> B. The goal of a security engineer is to keep that from happening. A business needs to weigh the cost and benefit of any given approach, and MD5 BGP auth does not come out well in the of situations.
Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
More information about the NANOG