On Wed, 10 Sept 2025 at 13:01, Vasilenko Eduard via NANOG <nanog@lists.nanog.org> wrote:
> IMHO: Then it was bad design. The source text is visible if a hash is used for the signature. Only the password is not known.
Please make a serious attempt at trying to understand how applications are different. Try to understand why Unix passwords benefit from a slow hash. You only have the password hash as output; any input that provides the same hash is equivalent. So for any collision you find, you have exactly the same problem, and a serious problem.

MD5 or SHA in BGP, ISIS, OSPF are not like this. There isn't even necessarily a guarantee that useful collisions exist, as you may not have enough bits that can have arbitrary values while keeping the PDU valid and conducive towards your attack vector. Most collisions would be garbage, where the PDU is rejected. Therefore, even if we assume we could cause MD5 or SHA collisions, it still wouldn't matter.

You have a good rationale in wanting a slow hash, but you struggle to understand why not all applications are about hashing 8-byte secrets.

--
  ++ytti
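Added example, not part of the original message: a Python sketch of the distinction drawn in the reply above. It truncates MD5 to 16 bits so collisions are cheap to find, and uses a simplified keyed digest (digest of PDU plus key) rather than the real TCP-MD5 or IGP authentication layouts; the password, key and helper names are constructed for illustration.

```python
import hashlib
import struct

PREFIX_BYTES = 2  # constructed toy setting: keep only 16 bits of MD5

def short_digest(data: bytes) -> bytes:
    return hashlib.md5(data).digest()[:PREFIX_BYTES]

def find_colliding_inputs(target: bytes, length: int, suffix: bytes, want: int) -> list:
    """Return `want` pseudo-random inputs x with short_digest(x + suffix) == target."""
    found, counter = [], 0
    while len(found) < want:
        x = hashlib.sha256(counter.to_bytes(8, "big")).digest()[:length]
        if short_digest(x + suffix) == target:
            found.append(x)
        counter += 1
    return found

def password_ok(stored: bytes, candidate: bytes) -> bool:
    # A password verifier compares hashes only; it never sees the original input.
    return short_digest(candidate) == stored

def bgp_header_valid(pdu: bytes) -> bool:
    """RFC 4271 header: 16-byte all-ones marker, 2-byte length, 1-byte type (1..4)."""
    if len(pdu) < 19 or pdu[:16] != b"\xff" * 16:
        return False
    length, msg_type = struct.unpack("!HB", pdu[16:19])
    return length == len(pdu) and 1 <= msg_type <= 4

def password_collisions_accepted(want: int = 3) -> int:
    stored = short_digest(b"hunter2!")  # constructed 8-byte password
    hits = find_colliding_inputs(stored, 8, b"", want)
    # Every colliding input is as good as the real password.
    return sum(password_ok(stored, h) for h in hits)

def pdu_collisions_accepted(want: int = 3) -> int:
    key = b"constructed-session-key"  # constructed shared secret
    keepalive = b"\xff" * 16 + struct.pack("!HB", 19, 4)  # valid 19-byte KEEPALIVE
    digest = short_digest(keepalive + key)  # simplified keyed digest (assumption)
    # Assume collisions can be produced at all, as the reply hypothesises.
    hits = find_colliding_inputs(digest, len(keepalive), key, want)
    # The receiver still parses the PDU: a matching digest on garbage is rejected.
    return sum(bgp_header_valid(h) for h in hits)

if __name__ == "__main__":
    print("colliding passwords accepted:", password_collisions_accepted())
    print("colliding PDUs accepted:     ", pdu_collisions_accepted())
```
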