[db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database

On Wed, Oct 04, 2006 at 06:05:10PM +0200, Denis Walker wrote:

> want to modify the mntner object (maybe add a new admin-c) and you can't
> remember the hash value, you can just encrypt your plain text password
> again and enter a new hash value to the update. It may be a little bit
> inconvenient, but not a major problem. I don't think even the password
> owner 'needs' to see the hash.

I guess this is the n-th iteration of this text and Max is correct in
pointing out that the results of the previous discussion should be made
available on the "FAQ page" that is going to support this migration effort.

IIRC, the reason for not hiding the password was that fetch-submit should be
idempotent, or, to elaborate a bit more, no information should be lost in a
fetch-edit-submit cycle. This is especially important in those cases where
there's another auth scheme in use besides MD5-PW, so not submitting the
respective attribute with the object would actually change the mntner to
only use the remaining auth scheme.  Any 'workarounds' to me appear a bit
like rearranging those deckchairs once again. If MD5 is weak and there's
enough concern in the community to get rid of it, let's just do it. But
at the same time, let's take the first step first and get the CRYPT-PW
deprecation and phase-out plan out of the door.

-Peter

PS: One additional migration caveat is that LIRs that substitute MD5 for
    CRYPT-PW should be _urged_ not to just change the 'encryption' scheme,
    but also need to generate a new and better password.