This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
Database development plans
- Previous message (by thread): Database development plans
- Next message (by thread): Database development plans
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Lu, Ping
PLu at cw.net
Thu Jan 31 01:20:47 CET 2002
> > I still feel that MAIL-FROM with cookie confirmation is > considerably > better than "no authentication". I don't see how a cookie is really > any easier to intercept than a password or secret string sent in the > clear. It also doesn't suffer from potential dictionary cracking > attacks. While it is clear that user's will find it more complicated > than the current MAIL-FROM, I could still envisage some > preferring it over passwords/PGP-KEYs. > > I checked out majordomo's cookie confirmation code and found that > the cookie generation uses a hash of a secret string, the user's > email address, and the requested command. Thus the server does not > need to keep any cookie state. One could include a timestamp in the > cookie hash generation and confirmation message to help guard against > replay's. > > Finally, I would imagine that those who are using automatic scripts > would migrate to passwords or (preferably) PGP. > > If the mail can be intercepted then a cookie confirmation won't make a difference. If the mail can be intercepted then a clear-text password scheme won't make a difference. Only if the mail is secure then a cookie or password makes sense. Also a cookie confirmation increases the chance to start a mail storm. >> In my ISI/RPSL/6bone version of the perl server (=not the >> official RIPE version of the perl software) the crypt-pw is indeed not shown upon >> query or in the downloadable database files. This is not a bad idea to shadow the crypted string (then MD5 is not really necessary ). But I think the RIPE-DB server needs some structure changes to support this. >> >> This is clearly a community decision. I would suggest that if MD5 is > > implemented as an additional method, strings bigger than 8 > characters > > are a necessity (and it is really easy to do so with MD5). > The extra > > length makes it really difficult to have dictionary attacks if > > properly used (I mean you can use a file with the complete works of > > shakespeare when generating the MD5 hash) > > If RIPE-DB are going to support different auth functions, why not using PAM to support any kind of PAM modules then ? Ping Lu Cable & Wireless USA Network Tools and Analysis Group W: +1-703-292-2359 E: plu at cw.net
- Previous message (by thread): Database development plans
- Next message (by thread): Database development plans
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]