1

While performing a vulnerability assessment, I stumbled upon RIPv1 poisoning routing table attacks. The recommendation is to use RIPv2 with MD5 authentication. The idea is that the routes need to be authenticated by a password before becoming active.

Isn't MD5 broken? I feel unsure about recommending this to the client. Is this insecure?

Anderson
  • Related: https://security.stackexchange.com/questions/87375/why-are-md5-and-sha-1-still-used-for-checksums-and-certificates-if-they-are-call – Tom K. Aug 27 '18 at 15:06
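
A minimal model of the RIPv2 keyed-MD5 check described in the question, as an added example that is not part of the original post. The packet layout is simplified from RFC 2082 (an assumption), the strictly increasing sequence policy is a choice made for this sketch, and the key, addresses and sequence numbers are constructed sample values.

```python
import hashlib
import hmac
import struct

KEYED_MD5 = 3      # authentication type for keyed MD5 (RFC 2082)
DIGEST_LEN = 16    # MD5 output size in bytes

def pad_key(key: bytes) -> bytes:
    """The shared secret is used as a 16-byte field, zero padded."""
    return key[:16].ljust(16, b"\0")

def route_entry(prefix: bytes, mask: bytes, next_hop: bytes, metric: int) -> bytes:
    """One 20-byte RIPv2 route entry (address family 2 = IP, route tag 0)."""
    return struct.pack("!HH4s4s4sI", 2, 0, prefix, mask, next_hop, metric)

def build_update(key: bytes, key_id: int, seq: int, entries: list) -> bytes:
    """Sender side: append MD5(packet || key) as the authentication trailer."""
    body = b"".join(entries)
    header = struct.pack("!BBH", 2, 2, 0)            # response, version 2
    auth = struct.pack("!HHHBBI8x", 0xFFFF, KEYED_MD5,
                       4 + 20 + len(body), key_id, DIGEST_LEN, seq)
    unsigned = header + auth + body + struct.pack("!HH", 0xFFFF, 1)
    return unsigned + hashlib.md5(unsigned + pad_key(key)).digest()

class Receiver:
    """Accepts an update only if the digest matches and it is not a replay."""
    def __init__(self, key: bytes):
        self.key, self.last_seq = key, -1

    def accept(self, packet: bytes) -> bool:
        if len(packet) < 4 + 20 + 4 + DIGEST_LEN:
            return False
        unsigned, digest = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
        marker, auth_type, _, _, _, seq = struct.unpack("!HHHBBI", packet[4:16])
        if marker != 0xFFFF or auth_type != KEYED_MD5:
            return False                              # unauthenticated update
        expected = hashlib.md5(unsigned + pad_key(self.key)).digest()
        if not hmac.compare_digest(digest, expected):
            return False                              # wrong key or modified routes
        if seq <= self.last_seq:                      # sketch policy: strictly increasing
            return False                              # replayed capture
        self.last_seq = seq
        return True

if __name__ == "__main__":
    key = b"constructed-key"                          # constructed sample secret
    route = route_entry(bytes([10, 0, 0, 0]), bytes([255, 0, 0, 0]), bytes(4), 1)
    rx = Receiver(key)
    pkt = build_update(key, 1, 100, [route])
    print(rx.accept(pkt), rx.accept(pkt))             # second call is a replay
```

Whether an update is accepted depends entirely on the shared key, so the key string deserves the same handling as any other credential.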

2 Answers

2

MD5 was never broken, but it was discovered that collisions could be generated, hence weakening it.

I would suggest OSPFv3; it allows SHA or MD5.

OSPF is not as simple as RIP; it is intended for more complex networks, but IMHO it would be a very good choice in terms of complexity/authentication security.

This is a sample Cisco config using SHA-512 (source):

```
interface GigabitEthernet 0/0
 ospfv3 1 ipv4 authentication key-chain ospf-1
router ospfv3 1
 address-family ipv6 unicast vrf vrf1
  area 1 authentication key-chain ospf-1
  area 1 virtual-link 1.1.1.1 authentication key-chain ospf-1
  area 1 sham-link 1.1.1.1 authentication key-chain ospf-1
  authentication mode deployment
!
key chain ospf-1
 key 1
  key-string ospf
  cryptographic-algorithm hmac-sha-512
!
```
bradbury9
0

It's not really "broken", it just has issues with collisions. It's recommended that you don't use it because it is unsalted and is very quick to hash. It still would take a very long time to crack. Still, you don't want to use it for passwords if you don't have to.

RocketSEA
  • 2
    MD5 passwords can actually be cracked quite quickly. User generated passwords tend to be low-entropy, and there are hashing rigs out there that can "guess" a couple hundred billion passwords *per second*. Also, MD5 is not "unsalted". Salting is another layer added on top of whatever hashing algorithm you use, so calling any hash unsalted is a bit of a confusion of terms, IMO. – Conor Mancone Aug 27 '18 at 17:03
  • The average person doesn't own and can't afford a hashing rig. Also, are there not algorithms that apply salts after hashing by themselves? – RocketSEA Aug 27 '18 at 17:07
  • 3
    It doesn't really matter what the average person owns or affords. After all, the average person doesn't know what a hash is to begin with. What matters is what a *credible attacker* can own and afford. There are enough high-powered cracking rigs out there that you are best off assuming that md5 hashes can be cracked very quickly. At even just a billion hashes per second (a high-end GPU) you can check every 8 character alpha-numeric string in about a day. – Conor Mancone Aug 27 '18 at 17:24
  • Some hashing algorithms, especially those designed for passwords, do presume that a salt is being included. Even still though the salt is not *inherent* to the hashing. bcrypt is just blowfish + fancy keys + adjustable cost + salt. The salt is a simple add-on that can be placed on **any** hash function. If the only problem with MD5 was that it didn't have a salt, then the simple answer would be: who cares, just add the salt yourself. – Conor Mancone Aug 27 '18 at 17:27
  • 1
    Regarding "owns a hashing rig", bear in mind that a GPU instance on AWS is available, on demand, for anybody. It'd be cheaper in the long run to buy your own, but anybody who needs to brute-force a few billion hash inputs can have capable hardware for it in minutes. – CBHacking Dec 26 '18 at 01:01