So it is up to the community to move from MD5 authentication to stronger authentication methods ? No preventive steps would be taken to avoid MD5 hashes disclosure on the RIPE website ?<br><br><div class="gmail_quote">On Wed, Nov 9, 2011 at 10:38 AM, Nigel Titley <span dir="ltr"><<a href="mailto:nigel@titley.com">nigel@titley.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">On Tue, 2011-11-08 at 15:01 +0100, virtu virtualabs wrote:<br>
> That would mean RIPE NCC did not do anything while people has been<br>
> aware of this fact since 2 years ?<br>
<br>
</div>This problem is well known, both by the RIPE DB working group (which is<br>
what makes the policy, not the RIPE NCC) and also the RIPE NCC itself.<br>
It's been discussed for many years (not just 2) and the use of better<br>
authentication methods has been recommended (and have also been<br>
available for many years).<br>
<br>
However, the community seems to wish to continue to use plain text<br>
passwords in emails, together with MD5 hashing.<br>
<span class="HOEnZb"><font color="#888888"><br>
Nigel<br>
<br>
</font></span></blockquote></div><br>