Sounds like we want a well thought out plan in place in case there is a screw up with an org's lack of planning and management capabilities.......... Mike On Tue, Jan 31, 2012 at 12:56 PM, Nick Hilliard <nick@foobar.org> wrote:
On 31/01/2012 16:40, David Barak wrote:
Because downtime is a security issue too, and MD5 is more likely to contribute to downtime (either via lost password, crypto load on CPU, or other) than the problem it purports to fix. The goal of a network engineer is to move packets from A -> B. The goal of a security engineer is to keep that from happening. A business needs to weigh the cost and benefit of any given approach, and MD5 BGP auth does not come out well in the of situations.
cpu load is negligible and is done in hardware on several platforms. Lost passwords can occur but if you have properly stored configuration backups, they shouldn't be a major problem. Also, they can be trivially decrypted from C/J configuration files.
From my point of view, MD5 passwords serve two purposes:
1. they prevent intentional session hijacking at IXPs when IP addresses get re-used and new IP address assignees suddenly notice that some people haven't torn down their old BGP sessions to the previous users of the address
2. they can be used to convince security auditors that the network is secure and that they can now sod off and stop harassing me, kthxbai
Other people may have other reasons for liking / not liking them.
Nick