nanog mailing list archives

Re: MD5 is slow

From: Jeffrey Haas via NANOG <nanog () lists nanog org>
Date: Mon, 8 Sep 2025 15:03:27 -0400

On Sep 8, 2025, at 3:26 AM, Vasilenko Eduard via NANOG <nanog () lists nanog org> wrote:

Sorry. It looks like I was not clear enough. My question was not related to the discussed MD5 strength that occurred 
during the last week.
Public key is not needed very often, no need to pay attention to the speed of fingerprint generation.
I was talking about Hash usage in many networking protocols, where it delays a network control plane message.

You'd have to be clearer about what protocol and what hash you're asking after.

Two of the common cases where such things show up is for authentication and for integrity checks.

For authentication in control protocols, the balance you're looking for is being able to do the operation fast enough
for expected traffic load among all of the other work being done by the system. If you're lucky, you might have
hardware support for the cryptographic operation. For control planes, sometimes it's just the router's general purpose
CPU. Easy examples of this sort of thing are the authentication fields for the IGPs, or for TCP-MD5/TCP-AO used by
BGP, LDP, etc.

For integrity checks, you have a set of data you're trying to provide a short-hand as to whether it's been passed
around intact. You'll often see this for detached file signatures, although protocols may do similar things for
internal checksum purposes as well.

Cryptography of any sort can be an attack on the device implementing it. Use expensive ciphers and do volumetric
attacks that cause that code to run, you'll burn CPU in some cases. Most protocols try to do the cryptographic checks
far down their validation procedures.

A regular conversation for BFD, as an example, is how often you want to do some bit of cryptography. Line card CPUs
are usually puny and MIGHT have access to some hardware support for common ciphers like MD5/SHA-1/SHA-2. BFD sends
tiny packets often some tens of ms apart. Now scale that up to a potentially large number of session on a line card.
Using better ciphers, if you want authentication (many don't) gets expensive, so there's need to potentially think
differently about when you do it. For example:

https://datatracker.ietf.org/doc/html/draft-ietf-bfd-optimizing-authentication

-- Jeff

_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/5TO3EN2JS7YO4CVNTPLY56ZO7VAUQ55Y/

Current thread:

Re: MD5 is slow, (continued)
- Re: MD5 is slow Saku Ytti via NANOG (Sep 05)
  - RE: MD5 is slow Vasilenko Eduard via NANOG (Sep 08)
    - Re: MD5 is slow Saku Ytti via NANOG (Sep 08)
    - Re: MD5 is fast nanog--- via NANOG (Sep 08)
    - Re: MD5 is fast Owen DeLong via NANOG (Sep 08)
    - Re: MD5 is slow Jay Acuna via NANOG (Sep 08)
- Re: MD5 is slow Dan Collins via NANOG (Sep 05)
- Re: MD5 is slow brent saner via NANOG (Sep 05)
- Re: MD5 is slow Jay Acuna via NANOG (Sep 05)
  - RE: MD5 is slow Vasilenko Eduard via NANOG (Sep 08)
    - Re: MD5 is slow Jeffrey Haas via NANOG (Sep 08)
- Re: MD5 is slow Randy Bush via NANOG (Sep 05)
  - Re: MD5 is slow Randy Bush via NANOG (Sep 05)
  - Re: MD5 is slow Jay Acuna via NANOG (Sep 05)