nanog mailing list archives

Re: MD5?

From: Christopher Morrow <morrowc.lists () gmail com>
Date: Fri, 27 Jan 2012 15:35:28 -0500

On Fri, Jan 27, 2012 at 3:32 PM, Jon Lewis <jlewis () lewis org> wrote:

On Fri, 27 Jan 2012, Christopher Morrow wrote:

lots of folks still use it yes. is it helpful? maybe? maybe not? is
this peering over a shared media (like a 10base-T hub).

You might point out that you'll be enabling this, then promptly
writing the 'secret' on a large whiteboard in your noc... because
chances are the config won't include it in rancid and ... you don't
have a place to store these securely that's not prone also to outages
:(

also, customers wander through your NOC, so...



All that may be true, but still, the random hacker in Romania who wants in
on their BGP session won't know the secret...probably.


1) that person doesn't exist
2) they need a LOT more info about what's going on anyway
3) I bet they will get a copy of the config from at least:
   a) vendor data sources
   b) ebay purchases of gear
   c) pwning a noc-worker and getting things done from there.

There are far better ways  to skin this cat.

Current thread:

MD5? Brian Stengel (Jan 27)
- Re: MD5? Seth Mattinen (Jan 27)
  - Re: MD5? Christopher Morrow (Jan 27)
    - Re: MD5? Jon Lewis (Jan 27)
    - Re: MD5? Christopher Morrow (Jan 27)
    - MD5 considered harmful Patrick W. Gilmore (Jan 27)
    - Re: MD5 considered harmful Christopher Morrow (Jan 27)
    - Re: MD5 considered harmful Grzegorz Janoszka (Jan 27)
    - Re: MD5 considered harmful Jared Mauch (Jan 27)
    - Re: MD5 considered harmful Keegan Holley (Jan 27)
    - Re: MD5 considered harmful Jeff Wheeler (Jan 27)
    - Re: MD5 considered harmful Keegan Holley (Jan 27)
    - Re: MD5 considered harmful Zaid Ali (Jan 27)
    - Re: MD5 considered harmful Patrick W. Gilmore (Jan 27)
    - Re: MD5 considered harmful John Kristoff (Jan 30)

(Thread continues...)