This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] MD5 Hashes in the database
- Previous message (by thread): [db-wg] 2nd CfP: ICCGI 2012 || June 24-29, 2012 - Venice, Italy
- Next message (by thread): [db-wg] Hiding MD5 hashes from users, was MD5 Hashes in the database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
David Freedman
david.freedman at uk.clara.net
Tue Nov 8 10:38:36 CET 2011
After the feedback from the DB-WG Meeting in Vienna last week, I'd like to bring this back to the list. I'd like to see auth: MD5-PW deprecated , even though it seems to be widely used (for various reasons) according to the report by DB presented to us. Until we can stop it being used completely, I'd like the hashes removed from the database, since they are sitting out there waiting to be bruteforced, at which point somebody takes malicious control of the resources protected by your mntner. I understand the challenge of hiding the field from display is that it must be present when changing or deleting objects , but since it only appears to be in mntners, I'm sure an exception could be made, considering the seriousness of this. Dave. -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/db-wg/attachments/20111108/dfa09b67/attachment.html>
- Previous message (by thread): [db-wg] 2nd CfP: ICCGI 2012 || June 24-29, 2012 - Venice, Italy
- Next message (by thread): [db-wg] Hiding MD5 hashes from users, was MD5 Hashes in the database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]