This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database
- Previous message (by thread): [db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database
- Next message (by thread): [db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Nick Hilliard
nick at inex.ie
Tue Nov 8 15:20:53 CET 2011
On 08/11/2011 11:56, Shane Kerr wrote: > I propose that we deprecate passwords over unencrypted channels. AFAIK > this just means e-mail today, There is always starttls - which RIPE already supports. But you cannot be guaranteed that it is turned on at the client site, or that both sides actually perform validation of each others' certs. Any sensible mail admin will enable it. But I agree - this is something which sorely needs to be done. And the crypto hash should not be visible on whois. And MD5 needs to be prohibited for all future updates. Also, for some light entertainment: https://github.com/juuso/BozoCrack Nick -- Network Ability Ltd. | Chief Technical Officer | Tel: +353 1 6169698 3 Westland Square | INEX - Internet Neutral | Fax: +353 1 6041981 Dublin 2, Ireland | Exchange Association | Email: nick at inex.ie
- Previous message (by thread): [db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database
- Next message (by thread): [db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]