I was just watching a presentation on OSPF authentication and was stunned to learn that the highest security option in RouterOS is "MD5". Since we know how to create arbitrary MD5 collisions within seconds on ordinary PC-class hardware, I was afraid I'd find that OSPF was terribly insecure on its own, requiring strong IP filtering to keep it safe.
On researching it further, it seems to be the case that keyed-MD5 isn't vulnerable to the same attacks as plain old MD5 message digests.
However, I also found that OSPFv2 defines better authentication options, up to HMAC-SHA-512, which is stronger in several complimentary ways: the better algorithm (SHA2 vs MD5), the longer hash — 2-4x, if you skip HMAC-SHA1 which is also semi-obsolete now — and more robust MAC construction, H(k⧺m⧺k) versus HMAC(k,m).
So, whether keyed-MD5 is broken or not, can we get better HMAC authentication in 7.1 before final release, please? If nothing else, it'll keep people like me from getting itchy. 😉