password for BGP in clear-text in bird.conf file?

Christopher Jay Manders cjmanders at gmail.com
Sat Apr 25 18:25:41 CEST 2015


Hi,

I disagree.

It is a security issue to have a password stored in clear-text.

I think the way to do it is to use birdcl to enter the password but then 
store it in some type of encrypted form. Perhaps separately from the 
bird.conf.

Even loose encryption like XORing or something would be better than 
storing a password in clear-text.

For real production deployments of bird this needs to be a consideration.

That is my feeling.

Thanks!
Christopher


On 4/23/15 10:23, Ondrej Zajicek wrote:
> On Thu, Apr 23, 2015 at 10:05:21AM -0700, Christopher Jay Manders wrote:
>> Hi,
>>
>> I am not sure if this has been brought up before, but it is very sad that
>> the password for BGP AUTH is in clear-text.
>>
>> Is there anything in progress to rectify or discussion about this?
>
> Hi
>
> There is not much to discuss. Because of the way it is used, the
> password must be in clear-text-recoverable form. The bird.conf
> could be protected by unix access rights if necessary.
>
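
Added example, not part of the original thread or of BIRD's own code: a Python check for the access-rights approach mentioned in the quoted reply, flagging any config file that holds a `password "..."` directive and is readable by group or others. It assumes that BIRD's `include "file";` resolves relative paths against the including file's directory; the function names, file names and password in `demo()` are constructed.

```python
import glob
import os
import re
import stat
import tempfile

# Assumed BIRD syntax: `password "secret";` and `include "file";` at line start.
PASSWORD_RE = re.compile(r'^\s*password\s+"', re.MULTILINE)
INCLUDE_RE = re.compile(r'^\s*include\s+"([^"]+)"\s*;', re.MULTILINE)
LOOSE_BITS = stat.S_IRGRP | stat.S_IROTH  # readable beyond the owner

def audit_bird_conf(path, seen=None):
    """Return [(file, mode)] for group/other-readable files holding a password."""
    seen = set() if seen is None else seen
    path = os.path.abspath(path)
    if path in seen:  # guard against include loops
        return []
    seen.add(path)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    findings = []
    if PASSWORD_RE.search(text) and mode & LOOSE_BITS:
        findings.append((path, oct(mode)))
    for pattern in INCLUDE_RE.findall(text):
        # Assumption: relative includes resolve against the including file.
        target = os.path.join(os.path.dirname(path), pattern)
        for inc in sorted(glob.glob(target)):  # includes may be wildcards
            findings += audit_bird_conf(inc, seen)
    return findings

def demo():
    """Constructed sample: bird.conf (0644) including a secrets file."""
    with tempfile.TemporaryDirectory() as d:
        main = os.path.join(d, "bird.conf")
        secrets = os.path.join(d, "bgp-secrets.conf")
        with open(main, "w") as fh:
            fh.write('router id 192.0.2.1;\ninclude "bgp-secrets.conf";\n')
        with open(secrets, "w") as fh:
            fh.write('protocol bgp peer1 {\n  password "constructed";\n}\n')
        os.chmod(main, 0o644)
        os.chmod(secrets, 0o600)
        tight = audit_bird_conf(main)   # secrets file is owner-only
        os.chmod(secrets, 0o640)
        loose = audit_bird_conf(main)   # secrets file is now group-readable
        return tight, [(os.path.basename(p), m) for p, m in loose]

if __name__ == "__main__":
    print(demo())
```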




More information about the Bird-users mailing list