[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MD5?

Subject: MD5?
From: morrowc.lists at gmail.com (Christopher Morrow)
Date: Fri, 27 Jan 2012 15:35:28 -0500
In-reply-to: <[email protected]>
References: <CABLLS=M6n9Sye_OVeXZ-1a+LCfQ9KBTRFpUpmbhhEY_j6HNXhA@mail.gmail.com> <[email protected]> <CAL9jLaabYat3jDOXmUBqM=kfPbJaC05XbjONbEa9juqGaosLAg@mail.gmail.com> <[email protected]>

On Fri, Jan 27, 2012 at 3:32 PM, Jon Lewis <jlewis at lewis.org> wrote:
> On Fri, 27 Jan 2012, Christopher Morrow wrote:
>
>> lots of folks still use it yes. is it helpful? maybe? maybe not? is
>> this peering over a shared media (like a 10base-T hub).
>>
>> You might point out that you'll be enabling this, then promptly
>> writing the 'secret' on a large whiteboard in your noc... because
>> chances are the config won't include it in rancid and ... you don't
>> have a place to store these securely that's not prone also to outages
>> :(
>>
>> also, customers wander through your NOC, so...
>
>
> All that may be true, but still, the random hacker in Romania who wants in
> on their BGP session won't know the secret...probably.

1) that person doesn't exist
2) they need a LOT more info about what's going on anyway
3) I bet they will get a copy of the config from at least:
   a) vendor data sources
   b) ebay purchases of gear
   c) pwning a noc-worker and getting things done from there.

There are far better ways  to skin this cat.

Follow-Ups:
- MD5 considered harmful
  - From: patrick at ianai.net (Patrick W. Gilmore)
- MD5?
  - From: joelja at bogus.com (Joel jaeggli)

References:
- MD5?
  - From: bstengel at kinber.org (Brian Stengel)
- MD5?
  - From: sethm at rollernet.us (Seth Mattinen)
- MD5?
  - From: morrowc.lists at gmail.com (Christopher Morrow)
- MD5?
  - From: jlewis at lewis.org (Jon Lewis)

Prev by Date: MD5?
Next by Date: MD5?
Previous by thread: MD5?
Next by thread: MD5 considered harmful
Index(es):
- Date
- Thread