Hashing Algorithms in OSPFv2
Ondrej Zajicek
santiago at crfreenet.org
Thu Aug 21 01:04:01 CEST 2025
On Wed, Aug 20, 2025 at 06:04:58PM +0000, info--- via Bird-users wrote:
> Hi everyone
>
> I'm using BIRD for OSPFv2 and was testing some stuff the other day.
> That's where I noticed something with the "authentication" config.
>
> If I go by RFC 2328, only MD5 should be supported. Further Algorithms
> are defined in RFC 5709, but it says nowhere if BIRD supports that. With
> that in mind, anything else than MD5 should throw me an error. But it
> doesn't.
>
> Hence my question, what happens if I configure, let's say, SHA512 or
> blake2b512? Does BIRD support RFC 5709 and just take the first 64 bits
> or is there some other magic going on?
Hi
BIRD supports RFC 5709 and it can use any supported HMAC algorithm for OSPFv2:
https://bird.nic.cz/doc/bird-2.17.1.html#proto-pass-algorithm
OSPFv2 does not use just 64 bits for cryptographic authentication, it uses
a variable-length authentication trailer for the message digest, see RFC 2328 D.4,
so the full length of the appropriate HMAC is used.
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
"To err is human -- to blame it on a computer is even more so."
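The variable-length trailer described in the reply above, as an added example that is not part of the original message and is not BIRD's code: it builds an OSPFv2 packet with AuType 2, appends the full HMAC digest, and verifies it by locating the trailer from the header's packet length and Auth Data Len fields. The layout and key handling are written from RFC 2328 D.3 and RFC 5709 section 3.3 as assumptions; the function names, key, router ID and packet body are constructed.

```python
import hashlib
import hmac
import struct

APAD_WORD = bytes.fromhex("878FE1F3")  # Apad pattern from RFC 5709 section 3.3
HDR_LEN = 24                           # fixed OSPFv2 header size

def rfc5709_digest(key: bytes, packet: bytes, hash_name: str) -> bytes:
    """HMAC over packet || Apad; keys longer than the digest are hashed first."""
    size = hashlib.new(hash_name).digest_size
    ko = hashlib.new(hash_name, key).digest() if len(key) > size else key
    return hmac.new(ko, packet + APAD_WORD * (size // 4), hash_name).digest()

def build_packet(key, key_id, seq, hash_name, body=b""):
    """OSPFv2 packet with AuType 2 and a trailer as long as the full digest."""
    size = hashlib.new(hash_name).digest_size
    header = struct.pack(
        "!BBH4s4sHHHBBI",
        2, 1, HDR_LEN + len(body),          # version, type (Hello), packet length
        bytes([192, 0, 2, 1]), bytes(4),    # constructed router ID, area 0.0.0.0
        0, 2,                               # checksum unused, AuType 2 (crypto)
        0, key_id, size, seq)               # reserved, Key ID, Auth Data Len, seq
    packet = header + body
    return packet + rfc5709_digest(key, packet, hash_name)

def verify_packet(key, wire, hash_name) -> bool:
    """Locate the trailer from the header fields and check it in constant time."""
    if len(wire) < HDR_LEN:
        return False
    (pkt_len,) = struct.unpack_from("!H", wire, 2)
    autype, _, _key_id, auth_len, _seq = struct.unpack_from("!HHBBI", wire, 14)
    size = hashlib.new(hash_name).digest_size
    # Packet length excludes the trailer; Auth Data Len must equal the digest size.
    if (autype != 2 or auth_len != size or pkt_len < HDR_LEN
            or len(wire) != pkt_len + auth_len):
        return False
    expected = rfc5709_digest(key, wire[:pkt_len], hash_name)
    return hmac.compare_digest(expected, wire[pkt_len:])

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    for name in ("sha256", "sha512"):
        wire = build_packet(key, 1, 1000, name, body=b"\x00" * 20)
        print(name, "trailer bytes:", len(wire) - 44, verify_packet(key, wire, name))
```
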