nanog mailing list archives

RE: MD5 is insecure

From: Gary Sparkes via NANOG <nanog () lists nanog org>
Date: Tue, 2 Sep 2025 17:39:18 +0000


Brent-

IOS device *foo* has authorized a(ny) key with MD5 *C,* an MD5 checksum of

public key *K1*. As stated in the other thread, *foo* only bases authn 
on if the *checksum* presented key matches *C*. *foo* does not store *K1* locally.
It does not use *C* to look up a local *K1*. The only course of action 
forward, given that ...*interesting* design choice, then is to use the 
key that the client presents - provided its checksum matches *C*. We 
agree on that, yes?


Yes.

Alice creates keypair *KP2*, with public key *K2*. Alice then pads 
junk to *K2*'s *n* until she reaches collision in the wire-packed form 
with
*C,* creating *Blob1*. Let's say Alice had to add 512 bytes to reach 
collision with *C*.


The key blob is *encoded* , not hashed. base64(x) can never equal base64(y), and therefore cannot collide.

!!! My understanding is different, that any colliding hash will match. 

If pubkey(value) 
Md5(value)

Equals the stored config value, then it approves it.
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/FH3WRFNYWDGQ2GVOSYJOGHSHMRCOXRWT/

Current thread:

Re: MD5 is insecure Tom Beecher via NANOG (Sep 02)
- RE: MD5 is insecure Gary Sparkes via NANOG (Sep 02)
- Re: MD5 is insecure brent saner via NANOG (Sep 02)
  - Re: MD5 is insecure brent saner via NANOG (Sep 02)
  - Re: MD5 is insecure Tom Beecher via NANOG (Sep 02)
    - Re: MD5 is insecure brent saner via NANOG (Sep 03)
    - Re: MD5 is insecure Tom Beecher via NANOG (Sep 03)
    - Re: MD5 is insecure brent saner via NANOG (Sep 03)
    - Re: MD5 is insecure nanog--- via NANOG (Sep 03)
    - Re: MD5 is insecure Saku Ytti via NANOG (Sep 04)
    - Re: MD5 is insecure Dan Mahoney via NANOG (Sep 04)
    - Re: MD5 is insecure Tom Beecher via NANOG (Sep 04)

(Thread continues...)