nanog mailing list archives

Re: MD5 is slow

From: Jay Acuna via NANOG <nanog () lists nanog org>
Date: Fri, 5 Sep 2025 16:57:58 -0500

On Fri, Sep 5, 2025 at 3:34 PM Randy Bush via NANOG
<nanog () lists nanog org> wrote:

I have a temptation to ask: why hash in the first place?


back in the day, the kiddies had sport by sending RSTs against BGP
sessions.  pretty much any hash with a key space of 48+ bits was
sufficient to raise the bar.  md5 was cheap and easy.

For the case of BGP, your better option is Rfc3682 + use graceful restarts.
Peering providers & customers would preferably deny forwarding
outgoing BGP packets
from outside the link onto a direct link that don't originate between
the peers connected to that same direct link -- essentially, deny
spoofed packets
within your routing policy.

On modern hardware; I've seen figures for MD5 computations at 82,000
Million hashes/second
for the RTX 4090. You shouldn't have much a bandwidth or latency
issue due to md5 with
modern silicon.

The MD5 option is still perfectly effective against online attacks,
And the weakness of MD5 becomes irrelevent.

It won't ever be really insecure, since random internet users attempting to
inject spoofed RSTs to your application from outside your network will not have
a copy of your packets, nor your exact config file.

The former requires physical access or remote control of a peer to obtain.
An attacker possessing the latter would suggest they got your md5 key anyways
(the key for md5 has to be stored with reversible encryption or plaintext).

But no, Any attacker would be spitting packets blindly, not having a
sample that tells them which
hash value they are actually trying to recreate, and the limiting
factor is not how quickly they
can try to break MD5, but how many packets they can actually emit per second
& hope that they guessed the key right on one packet.

If that is billions of packets per second, then they will cause a DoS
due to too many packets per
second eons before they have a good chance at guessing a random md5 key.

--
-JA
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/6PXUVUJFASJ7YJG52UTHO7O6ERP2FIGG/

Current thread:

Re: MD5 is fast, (continued)
- - - Re: MD5 is fast nanog--- via NANOG (Sep 08)
    - Re: MD5 is fast Owen DeLong via NANOG (Sep 08)
    - Re: MD5 is slow Jay Acuna via NANOG (Sep 08)
- Re: MD5 is slow Dan Collins via NANOG (Sep 05)
- Re: MD5 is slow brent saner via NANOG (Sep 05)
- Re: MD5 is slow Jay Acuna via NANOG (Sep 05)
  - RE: MD5 is slow Vasilenko Eduard via NANOG (Sep 08)
    - Re: MD5 is slow Jeffrey Haas via NANOG (Sep 08)
- Re: MD5 is slow Randy Bush via NANOG (Sep 05)
  - Re: MD5 is slow Randy Bush via NANOG (Sep 05)
  - Re: MD5 is slow Jay Acuna via NANOG (Sep 05)