Database development plans

> 
> 5. Improve database security
> 
> These ideas were discussed at the RIPE-41, the detailed proposals will follow
> - Deprecate MAIL-FROM as a weak auth scheme that doesn't serve todays's
>   security requirements.  This will be done in several phases starting form
>   not allowing updating mntner objects containing this scheme, and ending
>   with not allowing updates to be authorised with MAIL-FROM.
> - Implement authentication scheme using MD5 as a more secure mechanism
>   compared to crypt. Passphrases can be used instead of 8 character
>   passwords and MD5 fingerprint will be presented in the auth value.
> - Implement inverse queries on auth, encryption, signature for PGP keys only 
>   (key-cert's).
> 
>  


   As an alternative to deprecating MAIL-FROM, have you considered sending
a response to updates with a random cookie in it and requiring a confirmation
message with the cookie?

   In regards to the MD5 fingerprint, would this be a straight MD5 hash, or
something like the FreeBSD MD5-based password hash (which I believe supports
passwords longer than 8 chars)?   Also, would the hash continue to be openly published?
It would seem you would still have to deal with potential dictionary attacks.
I understand the Perl-based RIPE server would use a "*" in place of
the actual crypt-pw and I've been considering adding support for this in IRRd.
Also, I would suggest reading the following paper regarding the strength
of traditional Unix crypt, FreeBSD's MD5-based crypt, and OpenBSD's Blowfish-
based bcrypt -- http://www.usenix.org/events/usenix99/provos.html


  Regards,
    Larry Blunk
    Merit