[db-wg] MD5s of the RIPE database, Deprecation of MD5 and safe authentication methods

Hi Pierre,

On 05/05/15 23:20, Pierre Kim wrote:
> Dear Chris,
> 
> My email was intended to propose having a safer authentication method.
> 
> I was hoping that RIPE will either :
>   - force users to change their passwords. After 4 years and the RIPE
> recommendation, 27.000 hashes are still being used on a total of
> 36.000 without update. Only 25% of the hashes have been updated.
>   - deprecate MD5 in profit of stronger authentication methods.
> 
> Having 75% of valid hashes in the nature is a concern, I think. Any
> security researcher who downloaded all the hashes could misuse this
> information.

I agree that having these hashes out there is a concern, and that it
would be good if the MD5-crypt authentication method were disabled.

However, that is a policy decision with quite some impact, and I don't
think one person should be forcing the RIPE community to do so by
threatening to disclose the entire list of hashes. In common practice of
responsible disclosure for software vulnerabilities, it is completely
unaccepted to not only disclose the vuln but also dump the database, and
here we're not even talking about a simple software vuln but about a
policy change that affects many stakeholders.

I'm speaking only on behalf of myself as a member of the RIPE community,
but I'd like to continue this meaningful discussion without a proverbial
knife to anyone's throat.

-- chris

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </ripe/mail/archives/db-wg/attachments/20150506/558f0822/attachment.sig>