nanog mailing list archives

Re: MD5 is slow


From: Saku Ytti via NANOG <nanog () lists nanog org>
Date: Thu, 11 Sep 2025 11:12:26 +0300

On Thu, 11 Sept 2025 at 10:28, Vasilenko Eduard via NANOG
<nanog () lists nanog org> wrote:

> You are right again that MD5 is mostly used, not SHA-2, and nobody supports SHA-3.
> It was strange for me that the community does not pay attention to the NIST recommendation.

It just takes time. But if you have demand for SHA-3, you can
absolutely use SHA-3 in TCP-AO, if you control both ends. And then you
could write RFC for it, and ask vendors to support this RFC for
TCP-AO.

> Maybe because there are professionals (in this community) who deeply understand that MD5 is good enough (the previous big thread on MD5 is evidence).
> It is indeed making my complaints completely irrelevant. Going to sub-millisecond makes it irrelevant for the control plane.

It is already microseconds for the majority of cases.

> SHA-2 and SHA-3 are used not only for networking, they are general. Hence, they were developed to be slow enough to prevent brute force for some other applications.

No they were not :(. The design called for as fast as it can be, for
the more critical metrics it had. Preventing brute force by artificial
cost was never a design goal. You have memory and time expensive
hashes that do what you think SHA and MD5 do.

-- 
  ++ytti
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/D5UETBRJKDWSNDZTUURXHF263BAOW3RC/
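
Added example (not part of the original message or thread): a timing comparison of the general-purpose hashes discussed above against scrypt, one deliberately memory- and time-expensive hash of the kind the reply refers to. The 1500-byte input, the password, and the scrypt cost parameters are constructed values chosen for illustration.

```python
import hashlib
import os
import time

# Constructed sample inputs: random bytes the size of a full-MTU packet,
# plus a made-up password and salt for the expensive hash.
SEGMENT = os.urandom(1500)
PASSWORD = b"constructed-example-password"
SALT = os.urandom(16)

# General-purpose hashes named in the thread.
FAST_HASHES = {
    "md5": lambda d: hashlib.md5(d).digest(),
    "sha256": lambda d: hashlib.sha256(d).digest(),
    "sha3_256": lambda d: hashlib.sha3_256(d).digest(),
}

def scrypt_hash(password):
    # n, r and p are explicit cost knobs; memory use is about
    # 128 * n * r bytes, which is 16 MiB with these values.
    return hashlib.scrypt(password, salt=SALT, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)

def seconds_per_call(fn, data, repeats):
    """Average wall-clock time of one fn(data) call."""
    start = time.perf_counter()
    for _ in range(repeats):
        fn(data)
    return (time.perf_counter() - start) / repeats

def measure():
    """Return {name: seconds per call} for the fast hashes and scrypt."""
    results = {name: seconds_per_call(fn, SEGMENT, 20000)
               for name, fn in FAST_HASHES.items()}
    results["scrypt"] = seconds_per_call(scrypt_hash, PASSWORD, 5)
    return results

if __name__ == "__main__":
    for name, secs in measure().items():
        print(f"{name:10s} {secs * 1e6:12.1f} microseconds per call")
```

The absolute numbers depend on the CPU and the OpenSSL build; the gap of several orders of magnitude between the three digests and scrypt is what the comparison is meant to show.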

