[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MD5 considered harmful

Subject: MD5 considered harmful
From: morrowc.lists at gmail.com (Christopher Morrow)
Date: Fri, 27 Jan 2012 16:21:49 -0500
In-reply-to: <[email protected]>
References: <CABLLS=M6n9Sye_OVeXZ-1a+LCfQ9KBTRFpUpmbhhEY_j6HNXhA@mail.gmail.com> <[email protected]> <CAL9jLaabYat3jDOXmUBqM=kfPbJaC05XbjONbEa9juqGaosLAg@mail.gmail.com> <[email protected]> <CAL9jLaah5USAPA50SgxLyTi2sdQdpCrP_mzf3sPGBw1jMLDksQ@mail.gmail.com> <[email protected]>

On Fri, Jan 27, 2012 at 3:52 PM, Patrick W. Gilmore <patrick at ianai.net> wrote:
> MD5 on BGP sessions is the canonical example of a cure worse than the disease. ?There has been /infinitely/ more downtime caused by MD5 than the mythical attack it protects again. ?(This is true because anything times zero is still zero.)
>

I don't disagree with patrick here... but 'infinitely more', is hard
to measure :) "Most likely there have been far more lengthy outages
due to lost/changed/incorrect key material than were caused by the
problem this is meant to solve for."

-chris

> It is

References:
- MD5?
  - From: bstengel at kinber.org (Brian Stengel)
- MD5?
  - From: sethm at rollernet.us (Seth Mattinen)
- MD5?
  - From: morrowc.lists at gmail.com (Christopher Morrow)
- MD5?
  - From: jlewis at lewis.org (Jon Lewis)
- MD5?
  - From: morrowc.lists at gmail.com (Christopher Morrow)
- MD5 considered harmful
  - From: patrick at ianai.net (Patrick W. Gilmore)

Prev by Date: MD5 considered harmful
Next by Date: 10GE TOR port buffers (was Re: 10G switch recommendaton)
Previous by thread: MD5 considered harmful
Next by thread: MD5 considered harmful
Index(es):
- Date
- Thread