Re: [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
-
To: Woeber@localhost
-
From: Larry Blunk ljb@localhost
-
Date: Thu, 05 Oct 2006 03:36:26 -0400
-
Cc: Max Tulyev president@localhost, db-wg@localhost
Wilfried Woeber, UniVie/ACOnet wrote:
Max Tulyev wrote:
Hi Katie!
Why not just to hide encrypted password from public view (as it done
with e-mails)?
Even that is a bad hack which I resent, but eventually I gave in. We had
done a similar thing in the past, with a different attribute, and we had to
roll back.
And we would have to invent just another flag to undo the hiding. This cannot
be kept secret for long, so what?
(Not doing that would actually require "everyone" to keep a *local*
copy of the hash on backup for inclusion in the next update.
That's asking for chaos :-( )
The IRRd software returns the special token "HIDDENCRYPTPW" for the
CRYPT-PW value.
Note this is 13 characters long and thus a legal CRYPT-PW value. If an
update is submitted with
this value, the existing CRYPT-PW is left in place. There is a very
small chance of a collision with
an actual password, but the probability is deemed to be too low to be of
concern for this application.
Things can get a bit tricky if one has multiple CRYPT-PW passwords. I
can go over the algorithm
used by IRRd in such cases if anyone cares.
-Larry Blunk
Merit Network
|
you are here: RIPE -> RIPE Maillists > Archives
