On Wed, Aug 20, 2025 at 06:04:58PM +0000, info--- via Bird-users wrote:
Hi everyone
I'm using BIRD for OSPFv2 and was testing some stuff the other day. Thats where I noticed something with the "authentication" config.
If I go by RFC 2328, only MD5 should be supported. Further Algorithms are defined in RFC 5709, but it says nowhere if BIRD supports that. With that in mind, anything else than MD5 should trow me an error. But it doesn't.
Hence my question, what happens if I configure, let's say, SHA512 or blake2b512? Does BIRD support RFC 5709 and just takes the first 64 bits or is there some other magic going on?
Hi BIRD supports RFC 5709 and it can use any supported HMAC algorithm for OSPFv2: https://bird.nic.cz/doc/bird-2.17.1.html#proto-pass-algorithm OSPFv2 does not use just 64 bits for cryptographic authentication, it uses variable-length authentication trailer for message digest, see RFC 2328 D.4, so full length of appropriate HMAC is used. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) "To err is human -- to blame it on a computer is even more so."