
As far as I know 'newer' versions of routing protocols support authentication between routers.

What about encryption and integrity checks? Some implementations like this one from Cisco use MD5, which I don't feel secure using. How do you protect against MITM tampering with your routing tables?

Is there any easier way to protect from using IPSEC between your routers?

Rory Alsop
blended
  • From what I understand OSPFv3 uses IPSEC, at least on Cisco routers and OSPFv2 only supports MD5. – pureooze Dec 14 '15 at 13:16
  • MD5 is weak against collisions, but it is still pretty good against preimage attacks. If the use of MD5 is for something like an HMAC, it is plenty. I can't check how it's used, since that link is down (dammit linkrot). – forest Dec 30 '17 at 10:27

1 Answer

OSPFv3 uses IPSec. If you don't know much about IPSec, I wrote a paragraph about it in another answer, which should give you some more information.

In Cisco's implementation of OSPFv3 they use MD5, correct; however, it's not to keep the data safe, it's merely used as an authentication check. You can read more about OSPFv3 in Configuring IPSec. IPSec is pretty secure; I don't think you have any reason to feel that it's not. For confidentiality of data you can use AES-CBC 128/192, but more is in the link I provided.

I believe Cisco's implementation has thrown you off a bit, as you've seen MD5 and instantly assumed "bad"; however, that's not the case: they're not encrypting the data with it, else that would be bad.


Regarding people "tampering with the routing tables", I find this section to be a little unclear. If you're worried about local credentials on newer Cisco devices/versions for local credentials, you can use Type-8 passwords; you can read more about this here.


Just to add to this, Forest's comment on it being used as an HMAC is correct.
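
The distinction drawn in this answer and in forest's comment, that a keyed MAC authenticates a routing update without encrypting it, shown as an added example that is not part of the original thread and is not Cisco's or OSPF's wire format. The key, the packet layout (32-bit sequence number, payload, HMAC tag) and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-shared-key"                    # constructed sample key
UPDATE = b"10.0.0.0/24 via 192.0.2.1 cost 10"      # constructed sample update

def seal(seq: int, payload: bytes, key: bytes = KEY, digest: str = "md5") -> bytes:
    """Sender: seq || payload || HMAC(key, seq || payload)."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, digest).digest()

def verify(packet: bytes, last_seq: int, key: bytes = KEY, digest: str = "md5"):
    """Receiver: return (seq, payload) if authentic and fresh, else raise ValueError."""
    tag_len = hashlib.new(digest).digest_size
    if len(packet) < 4 + tag_len:
        raise ValueError("truncated")
    body, tag = packet[:-tag_len], packet[-tag_len:]
    expected = hmac.new(key, body, digest).digest()
    if not hmac.compare_digest(tag, expected):     # constant-time comparison
        raise ValueError("bad MAC")
    (seq,) = struct.unpack("!I", body[:4])
    if seq <= last_seq:                            # reject replays of old updates
        raise ValueError("replayed")
    return seq, body[4:]

def demo(digest: str = "md5") -> dict:
    pkt = seal(7, UPDATE, digest=digest)
    results = {"ok": verify(pkt, last_seq=6, digest=digest)}
    # An on-path modification of the payload, made without knowledge of the key.
    tampered = pkt.replace(b"cost 10", b"cost 01")
    for name, p, last in (("tampered", tampered, 6), ("replayed", pkt, 7)):
        try:
            verify(p, last, digest=digest)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    # The MAC gives integrity only: the update still travels in cleartext.
    results["plaintext_visible"] = UPDATE in pkt
    return results

if __name__ == "__main__":
    print(demo("md5"))
    print(demo("sha256"))
```

The modified and replayed packets are rejected under both digests, while the payload stays readable on the wire, which is why confidentiality needs a cipher in addition to the MAC.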