@hansw@mastodon.social The whole wire encryption (!) in TACACS+ protocol is based on MD5 (!) generating keystream and you can't change it. But it's by definition intended to run inside trusted ISP network which somewhat limits exposure. I told you it's 90's protocol :)