This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[db-wg] MD5s of the RIPE database, Deprecation of MD5 and safe authentication methods

Previous message (by thread): [db-wg] Publishing Deleted Objects - Legal Analysis
Next message (by thread): [db-wg] MD5s of the RIPE database, Deprecation of MD5 and safe authentication methods

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Pierre Kim pierre.kim.sec at gmail.com
Tue Jun 16 22:46:02 CEST 2015

Dear Database Working Group Members,

Shane, Chris, Daniel - thanks for your proposals.
As for my understanding on the proposals, it is technically possible
to force users to change their passwords or to encourage them using a
stronger authentication method. Also, there seems to be a resistance
on migrating the hashing algorithm.

On the other hand, I am concerned MD5 hashes are prone to collision
attacks from a security perspective. MD5 is an obsolete now. It is
rather recommended to use another cryptography hashing algorithm to
encrypt passwords.

Now, as Shane stated in his interesting post, long transition times
don't really make much difference and the situation can be fixed with
a workaround by advocating XX days to fix the credentials by showing a
warning in whois output. But this doesn't affect the hashing algorithm
which is prone to collision attacks.

What are members' views on this?

Regards,

On 5/21/15, Daniel Suchy <danny at danysek.cz> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
>
> On 20.5.2015 20:29, Christiaan Ottow wrote:
>> I agree, but does somebody see what impact it has to lock the
>> maintainers that don’t update their passwords? How do we get them
>> out of the locked state again?
>
> There's procedure for lost MNTNER password recovery, I think this is
> enough even for these cases... :-)
>
> https://apps.db.ripe.net/change-auth/#/
>
> - -Daniel
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJVXPDBAAoJEKa4QYLLxXGSzxkP/25McuP6Wr3v65m9JgZ/1doc
> 6QmJixoDNC58vUNKLscFL0/6lpzLWgpjbbzx/4ZzQ9u9yKFifS437Dg9cSapIapQ
> lU2ZCxW7K0w3LZBHjwISHfCt4ru4W0x+IKxN03iOqA5dLRQFGtG1DsIAhr1Axl5x
> ViAs985GqMXBPC06mHfAhD+pjmht3bnGKMUsU6qcQ4cRyuId/QOCFF4tsjSqoFT3
> dJsMqc4SCg2Whu1d0oU70cS2k8s5aVL2MTmHYTtMxFZC1lN7zlo0N85pCPFict0K
> mOwCwSsQq1RSqNSmwXrBnbvEkik4jxEkhd7uhzqKFXe/EI5h5K3s7I7KDO2T+Y99
> SFoa5jZkqYw0dsKjYLduO9MlCZyzhFA9CHEcYVpojVpPZpj5RQ48bFmsLBo56wNO
> Yn0gPmcPbreXfphY4gfrl0MihRHPI9Dwm3Z2jtFh0F3i/GjrML2Q3qvYnXyTxfJw
> ViwOVldN5MxtgnEdh08jVjBHb7LIIXPtrRakc7P4Yaxq3zEkXWTx/IOdtEXpUCqX
> tDieNhsGu0L7gTtEOW9P6XB8pxtp4ZX0zcm8N4zqFN2MMjjo1wK91v3tKJUVtNSn
> Xzp72Ii3qT+kmj/EiU+TxsjkPvLyVZU6sOMD+3+s3dcjK/9VNheI/wKmQd5pxHCL
> oMYcxbqPJCG+ukyD9Iy4
> =MoPX
> -----END PGP SIGNATURE-----
>
>

-- 
Pierre Kim
pierre.kim.sec at gmail.com
@PierreKimSec
https://pierrekim.github.io/

Previous message (by thread): [db-wg] Publishing Deleted Objects - Legal Analysis
Next message (by thread): [db-wg] MD5s of the RIPE database, Deprecation of MD5 and safe authentication methods

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ db-wg Archives ]