This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] NWIs update
- Previous message (by thread): [db-wg] NWIs update
- Next message (by thread): [db-wg] NWIs update
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Gert Doering
gert at space.net
Wed Apr 10 12:08:22 CEST 2019
Hi, On Wed, Apr 10, 2019 at 09:40:05AM +0100, Nick Hilliard wrote: > Gert Doering wrote on 10/04/2019 09:22: > > Well, it wasn't clear if "store unencrypted" referred to the client or > > server side. On the server side, yes, please store one-way hashed in > > a secure fashion. > > How though? Again, thinking out loud, it's easy enough if you implement > using an unsalted hash except that's not considered to be secure. The attack vector against unsalted hashes is "rainbow tables"... make the API key something like 80 characters long, and no machine in the world can do anything but brute force. But why store the API key anyway. Have it contain permissions plus a crytographically sane signature, and all you need to know is "in the key". Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: </ripe/mail/archives/db-wg/attachments/20190410/e1b932ba/attachment.sig>
- Previous message (by thread): [db-wg] NWIs update
- Next message (by thread): [db-wg] NWIs update
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]