nanog mailing list archives

Re: MD5 considered harmful


From: Grzegorz Janoszka <Grzegorz () Janoszka pl>
Date: Fri, 27 Jan 2012 23:11:50 +0100

On 27-01-12 21:52, Patrick W. Gilmore wrote:
> Who would want to reset a BGP that will come back up in 30-90 seconds when you can packet an entire router off the
> 'Net easier, more quickly, and for a longer period?

+1

Actually, when you have a lot of MD5 BGP sessions coming up at the same
time (a connection to internet exchanges went up), you have longer
convergence time because of higher CPU load. MD5 offers no security
advantages and in some cases it causes more downtime by slowing down
convergence.

-- 
Grzegorz Janoszka

