On Wed, Aug 20, 2025 at 06:04:58PM +0000, info--- via Bird-users wrote: > Hi everyone > > I'm using BIRD for OSPFv2 and was testing some stuff the other day. > Thats where I noticed something with the "authentication" config. > > If I go by RFC 2328, only MD5 should be supported. Further Algorithms > are defined in RFC 5709, but it says nowhere if BIRD supports that. With > that in mind, anything else than MD5 should trow me an error. But it > doesn't. > > Hence my question, what happens if I configure, let's say, SHA512 or > blake2b512? Does BIRD support RFC 5709 and just takes the first 64 bits > or is there some other magic going on?
Hi BIRD supports RFC 5709 and it can use any supported HMAC algorithm for OSPFv2: https://bird.nic.cz/doc/bird-2.17.1.html#proto-pass-algorithm OSPFv2 does not use just 64 bits for cryptographic authentication, it uses variable-length authentication trailer for message digest, see RFC 2328 D.4, so full length of appropriate HMAC is used. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: [email protected]) "To err is human -- to blame it on a computer is even more so."
