This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
MD5 proposal
- Previous message (by thread): MD5 proposal
- Next message (by thread): MD5 proposal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andrei Robachevsky
andrei at ripe.net
Thu Mar 28 18:02:11 CET 2002
Dear Colleagues, Please let me summarise the additions and modifications to the proposal, and present you the next approximation. Only changes to the proposal are included below. Would it be possible to respond with your comments till the end of the next week so we can proceed with implementation? > > Improving security of password (passphrase) based auth schemes (MD5 proposal) > -============================================================================- > [...] > Proposal > -------- > > A new "auth:" scheme is introduced based on MD5 hash algorithm. The format > of the new "auth" scheme is: > auth: MD5-PW <md5-crypt> where <md5-crypt> is an output of the md5-crypt, which is concatenation of "$1$", the salt, and the 128-bit hash output. For example: auth: MD5-PW $1$sD9e4pQn$1832L4.BxsZHusy0plg8i0 #A comment: We feel that despite $1$ indication of the algorithm used we need #this separate "MD5-PW" label. Our experience shows that every effort made to #avoid confusion is eventually paid back. #Another comment: we would appreciate if someone writes an #internet-draft on md5-crypt and processes it through IETF, as Randy #suggested. > At the first character after the first white space (space or tab) > > following the colon (":") > When submitting an update to the database that needs to be authorised using > this scheme, a "password:" pseudo-attribute must be used to submit a key > (passphrase). Line continuation is not allowed for this attribute, so the > whole key should fit on one line. If the key gets split across multiple > lines this will be treated as syntax error. The value of the key starts at the first character after the first white space following the colon (":"). > > If the mntner that defines authorisation information for the submission has > CRYPT-PW and MD5-PW "auth" schemes, the key specified by "password:" will be > checked for both types. > > Regards, Andrei Robachevsky RIPE NCC
- Previous message (by thread): MD5 proposal
- Next message (by thread): MD5 proposal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]