This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database
- Previous message (by thread): [db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database
- Next message (by thread): [db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
David Freedman
david.freedman at uk.clara.net
Tue Nov 8 15:31:36 CET 2011
Looks like I need to get a policy proposal together then…. From: Kaveh Ranjbar <kranjbar at ripe.net<mailto:kranjbar at ripe.net>> Date: Tue, 8 Nov 2011 15:22:37 +0100 To: <db-wg at ripe.net<mailto:db-wg at ripe.net>> Subject: Re: [db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database Dear colleague, Since any change in the current process means significantly changing the behaviour of the RIPE Database* and will break existing use cases of the system, it is not something the RIPE NCC can make a decision on. The change should come from and get approved by the community and the RIPE NCC can then implement it. Obviously we as RIPE NCC can suggest technical solutions -and that's why we have brought up the issue on different occasions- but still, agreeing on and implementing them will require community's consensus. In the mean time we are publishing an article on RIPE Labs outlining the current situation and highlighting the problem statement as well as guidelines for mitigating the risk until a full solution is found. We are also adding a password strength indicator to the online MD5 hash generator as an additional measure. Kind Regards, Kaveh Ranjbar, RIPE Database Group Manager *- As an example, current Update process requires the full object -including the hashes for maintainer objects- to be used in the update message. On Nov 8, 2011, at 3:01 PM, virtu virtualabs wrote: That would mean RIPE NCC did not do anything while people has been aware of this fact since 2 years ? -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/db-wg/attachments/20111108/52a108b6/attachment.html>
- Previous message (by thread): [db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database
- Next message (by thread): [db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]