On Thu, 11 Sept 2025 at 10:28, Vasilenko Eduard via NANOG <nanog@lists.nanog.org> wrote:
You are right again that MD5 is mostly used, not SHA-2, and nobody supports SHA-3. It was strange for me that the community does not pay attention to the NIST recommendation.
It just takes time. But if you have demand for SHA-3, you can absolutely use SHA-3 in TCP-AO, if you control both ends. And then you could write an RFC for it, and ask vendors to support this RFC for TCP-AO.
Maybe because there are professionals (in this community) who deeply understand that MD5 is good enough (the previous big thread on MD5 is evidence). It is indeed making my complaints completely irrelevant. Going to sub-millisecond makes it irrelevant for the control plane.
It is already microseconds for the majority of cases.
SHA-2 and SHA-3 are used not only for networking, they are general. Hence, they were developed to be slow enough to prevent brute force for some other applications.
No they were not :(. The design called for as fast as it can be, for the more critical metrics it had. Preventing brute force by artificial cost was never a design goal. You have memory- and time-expensive hashes that do what you think SHA and MD5 do.

--
++ytti
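To put numbers on the distinction drawn in this exchange, the following added example (not part of the original thread) times a keyed digest over one full-size segment with MD5, SHA-256 and SHA3-256, and compares that with scrypt, a deliberately memory- and time-expensive function. Assumptions: HMAC from the Python standard library stands in for a per-segment MAC (it is not the exact TCP-MD5 or TCP-AO computation), and the 1460-byte payload, the 16-byte key and the scrypt parameters are constructed sample values.

```python
import hashlib
import hmac
import os
import time

# Constructed sample input: one full-size 1460-byte payload and a 16-byte shared key.
SEGMENT = os.urandom(1460)
KEY = os.urandom(16)


def mac_cost_us(digest_name, rounds=2000):
    """Average microseconds to compute one HMAC over SEGMENT with the given digest."""
    start = time.perf_counter()
    for _ in range(rounds):
        hmac.new(KEY, SEGMENT, digest_name).digest()
    return (time.perf_counter() - start) / rounds * 1e6


def scrypt_cost_us(rounds=3):
    """Average microseconds for one scrypt call (n=2**14, r=8 needs about 16 MiB)."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for _ in range(rounds):
        hashlib.scrypt(KEY, salt=salt, n=2**14, r=8, p=1, dklen=32)
    return (time.perf_counter() - start) / rounds * 1e6


def compare():
    """Return {algorithm: microseconds per operation} measured on this machine."""
    costs = {name: mac_cost_us(name) for name in ("md5", "sha256", "sha3_256")}
    costs["scrypt"] = scrypt_cost_us()
    return costs


if __name__ == "__main__":
    for name, us in compare().items():
        print(f"{name:10s} {us:12.1f} us/op")
```

Absolute figures depend on the CPU and the OpenSSL build behind `hashlib`; the point of interest is the gap between the general-purpose digests and the function built to be expensive.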