[db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database

I don't mind it continuing to be used over encrypted channels,
as long as the hashes are not available to the general public (as per your
previous mail)

I would support a warning phase

Dave.



On 08/11/2011 11:56, "Shane Kerr" <shane at time-travellers.org> wrote:

>David,
>
>On Tue, 2011-11-08 at 09:38 +0000, David Freedman wrote:
>> I'd like to see auth: MD5-PW deprecated , even though it seems to be
>> widely used (for various reasons)
>> according to the report by DB presented to us.
>
>I propose that we deprecate  passwords over unencrypted channels. AFAIK
>this just means e-mail today, although the web API stuff may also
>provide an non-TLS option (I don't know).
>
>Unlike hiding MD5, this is a major change for users, and would need to
>be done with the same caution and preparation as similar large changes
>in the past. We could have a warning phase, where anyone using a
>password in email would get a scary warning in the reply telling them to
>use a more secure scheme (PGP, X.509, webupdates, or database web API).
>The RIPE NCC could identify heavy users and help them convert their
>tools. And eventually we could flip the switch and turn off plain text
>passwords.
>
>--
>Shane
>
>