This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
FW: FW: FW: [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
- Previous message (by thread): FW: FW: FW: [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
- Next message (by thread): FW: FW: FW: [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Potapov Vladislav
poty at iiat.ru
Thu Oct 5 12:34:41 CEST 2006
Hi, On Thu, Oct 05, 2006 at 02:21:53PM +0400, Potapov Vladislav wrote: > The mail will still contain a "password: <something>" block, just the > way this password is hashed in the maintainer object is > different." > > Then it is NOT improve security much. It does. It takes away the attack angle of breaking CRYPT-PW hash. You are not read to the end again. "In security ALL parts are essential." You lock only one part of the "security" > Using your allegory: Let's put > huge lock on our cardboard door? In security ALL parts are essential. > BEFORE I can use "the day-to-day" operation I should change CRYPT-PW > to MD5-PW. And PERSONALLY I don't need the enhanced in some way but > weak in the other "security". As our members tell us that "crypto is hard!!!!" we can not enforce PGP (which would be a big step) - so security is increased in small steps. And you decided to go against "our members"? Maybe it is useful to tell them back? To educate? To convince BEFORE proposing? Maybe then all members (without changes) will put the most secure algorithms to their data? In other way your proposal will be ... authoritarian. And not from real life... Vladislav Potapov Ru.iiat
- Previous message (by thread): FW: FW: FW: [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
- Next message (by thread): FW: FW: FW: [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]