This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[db-wg] crypted password

Previous message (by thread): [db-wg] crypted password
Next message (by thread): [db-wg] crypted password

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Peter Koch pk at DENIC.DE
Tue Jul 25 11:00:58 CEST 2006

Max Tulyev wrote:

> Do you really thinking MD5 much safer? ;) It is not.

the "sense of the room" was that CRYPT-PW was by far the weakest authentication
mechanism and security improvements should start with deprecating this
particular method without ignoring problems in MD5, i.e. PGPKEY/X.509 would
be recommended.
That's what already happens in <http://www.ripe.net/db/support/security/>.

The reasons for keeping MD5-PW for the moment are minuted
<http://www.ripe.net/ripe/wg/db/minutes/ripe-51.html>
<http://www.ripe.net/ripe/wg/db/minutes/ripe-52.html>

> It is good idea even to hide PGP key data (open key) because why we need 
> to provide extra data to evil persons?

IIRC the reason not to hide any attributes was operational, i.e. it should
be easy to fetch-edit-submit an object without the danger of accidentally
losing one auth mechanism in those cases where an object allows more than one.

-Peter

Previous message (by thread): [db-wg] crypted password
Next message (by thread): [db-wg] crypted password

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ db-wg Archives ]