[149228] in North American Network Operators' Group


Re: MD5 considered harmful

daemon@ATHENA.MIT.EDU (David Barak)
Tue Jan 31 11:42:25 2012

Date: Tue, 31 Jan 2012 08:40:54 -0800 (PST)
From: David Barak <thegameiam@yahoo.com>
To: "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <CAB_zYdJa3c95P61OK2MBqK23Uf00LO2vnpj+3XtuzfTuyZyGKw@mail.gmail.com>
Reply-To: David Barak <thegameiam@yahoo.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

From: harbor235 <harbor235@gmail.com>

> Also, It does not matter how many attempts compromising a BGP session
> occurs, it only takes one, so why not nail it down.

Because downtime is a security issue too, and MD5 is more likely to contribute to downtime (either via lost password, crypto load on CPU, or other) than the problem it purports to fix. The goal of a network engineer is to move packets from A -> B. The goal of a security engineer is to keep that from happening. A business needs to weigh the cost and benefit of any given approach, and MD5 BGP auth does not come out well in the of situations.

David Barak

Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
