password for BGP in clear-text in bird.conf file?
Alexander Demenshin
aldem-bird.2014 at nk7.net
Sun Apr 26 01:25:25 CEST 2015
On 2015-04-25 18:25, Christopher Jay Manders wrote:
> Even loose encryption like XORing or something would be better than
> storing a password in clear-text.
It would not be better, as any kind of reversible encryption will give
a false sense of security, while security will not be improved at all.
If you leave your bird.conf open to anyone untrusted (and in general,
allow anyone to read it, or even connect to the system where bird
is running), then you are asking for troubles anyway.
> For real production deployments of bird this needs to be a
> consideration.
Real production deployments must never be done on multi-user unsecured
systems.
Protect the system from snooping, restrict access exactly like you would
do
in case of "traditional" router (cisco, juniper) - and you will be fine.
And finally, if the system is compromised - then you have to change
*all* your
passwords (referenced or used on this system) anyway, regardless of
encryption.
Best regards,
Alexander.
More information about the Bird-users
mailing list