nanog mailing list archives

Re: MD5 considered harmful


From: David Barak <thegameiam () yahoo com>
Date: Tue, 31 Jan 2012 08:40:54 -0800 (PST)

From: harbor235 <harbor235 () gmail com>

Also, it does not matter how many attempts at compromising a BGP session
occur, it only takes one, so why not nail it down?

Because downtime is a security issue too, and MD5 is more likely to contribute to downtime (either via lost password, 
crypto load on CPU, or other) than the problem it purports to fix.  The goal of a network engineer is to move packets 
from A -> B.  The goal of a security engineer is to keep that from happening.  A business needs to weigh the cost and 
benefit of any given approach, and MD5 BGP auth does not come out well in the of situations.

David Barak
