This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

Deprecation of the MAIL-FROM auth scheme

Previous message (by thread): Deprecation of the MAIL-FROM auth scheme
Next message (by thread): Minutes from RIPE-41

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Christoph Kuhles / Aquatix RIPE services ripe at aquatix.de
Mon Apr 1 00:38:28 CEST 2002

Dear Andrei & list,

talking about a secure database, I wonder why the crypted password is
shown when using CRYPT-PW as authentication scheme?

While it might take long to get the clear-text password using brute
force or dictionary attacks, it is still possible.

Why not patch the whois server so it doesn't show the crypted
password and hence make hijacking of objects impossible by
bruteforcing a maintainer password?

Best regards

Christoph Kuhles
Managing Director
Aquatix IT-Services e.K.



Monday, March 25, 2002, 1:58:10 PM, you wrote:

AR> Please find enclosed the migration plan to a more secure database.

Previous message (by thread): Deprecation of the MAIL-FROM auth scheme
Next message (by thread): Minutes from RIPE-41

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ db-wg Archives ]