This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] MD5s of the RIPE database, Deprecation of MD5 and safe authentication methods
Pierre Kim
pierre.kim.sec at gmail.com
Tue Jun 16 22:46:02 CEST 2015
Dear Database Working Group Members,

Shane, Chris, Daniel - thanks for your proposals.

As for my understanding of the proposals, it is technically possible to force users to change their passwords or to encourage them to use a stronger authentication method. Also, there seems to be resistance to migrating the hashing algorithm.

On the other hand, I am concerned MD5 hashes are prone to collision attacks from a security perspective. MD5 is obsolete now. It is rather recommended to use another cryptographic hashing algorithm to encrypt passwords.

Now, as Shane stated in his interesting post, long transition times don't really make much difference and the situation can be fixed with a workaround by advocating XX days to fix the credentials by showing a warning in whois output. But this doesn't affect the hashing algorithm, which is prone to collision attacks.

What are members' views on this?

Regards,

On 5/21/15, Daniel Suchy <danny at danysek.cz> wrote:
> On 20.5.2015 20:29, Christiaan Ottow wrote:
>> I agree, but does somebody see what impact it has to lock the
>> maintainers that don’t update their passwords? How do we get them
>> out of the locked state again?
>
> There's a procedure for lost MNTNER password recovery, I think this is
> enough even for these cases... :-)
>
> https://apps.db.ripe.net/change-auth/#/
>
> -Daniel

--
Pierre Kim
pierre.kim.sec at gmail.com
@PierreKimSec
https://pierrekim.github.io/