MD5 proposal
mc
m.candanpolat at chello.nl
Fri Mar 29 20:21:48 CET 2002
----- Original Message -----
From: "Andrei Robachevsky" <andrei at ripe.net>
To: "Andrei Robachevsky" <andrei at ripe.net>
Cc: <db-wg at ripe.net>
Sent: Thursday, March 28, 2002 6:02 PM
Subject: Re: MD5 proposal

> Dear Colleagues,
>
> Please let me summarise the additions and modifications to the proposal,
> and present you the next approximation.
>
> Only changes to the proposal are included below.
>
> Would it be possible to respond with your comments till the end of the
> next week so we can proceed with implementation?
>
>
>
> > Improving security of password (passphrase) based auth schemes (MD5 proposal)
> > -============================================================================-
> >
> [...]
> >
> > Proposal
> > --------
> >
> > A new "auth:" scheme is introduced based on MD5 hash algorithm. The format
> > of the new "auth" scheme is:
> >
> auth: MD5-PW <md5-crypt>
>
> where <md5-crypt> is an output of the md5-crypt, which is concatenation of "$1$", the salt, and the 128-bit hash output.
>
> >
> > For example:
> >
> auth: MD5-PW $1$sD9e4pQn$1832L4.BxsZHusy0plg8i0
> > #A comment: We feel that despite $1$ indication of the algorithm used we need
> > #this separate "MD5-PW" label. Our experience shows that every effort made to
> > #avoid confusion is eventually paid back.
> >
> #Another comment: we would appreciate if someone writes an
> #internet-draft on md5-crypt and processes it through IETF, as Randy
> #suggested.
>
> >
> > At the first character after the first white space (space or tab)
> > > following the colon (":")
> >
> > When submitting an update to the database that needs to be authorised using
> > this scheme, a "password:" pseudo-attribute must be used to submit a key
> > (passphrase). Line continuation is not allowed for this attribute, so the
> > whole key should fit on one line. If the key gets split across multiple
> > lines this will be treated as syntax error.
> >
> The value of the key starts at the first character after the first white
> space following the colon (":").
>
> >
> >
> > If the mntner that defines authorisation information for the submission has
> > CRYPT-PW and MD5-PW "auth" schemes, the key specified by "password:" will be
> > checked for both types.
> >
> >
>
> Regards,
>
>
> Andrei Robachevsky
> RIPE NCC
>
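The check described in the quoted proposal, as an added example that is not part of the original message and not RIPE NCC's implementation: it computes md5-crypt, extracts the key from a "password:" line by the first-white-space rule, and tests it against a mntner's MD5-PW "auth:" lines. The function names and the sample mntner are constructed, only MD5-PW lines are checked (CRYPT-PW lines are skipped), and the handling of a "password:" line with no white space right after the colon is an assumption based on a literal reading of the rule.

```python
import hashlib, hmac, re

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def md5_crypt(key: bytes, salt: bytes) -> str:
    """Return "$1$" + salt + "$" + the 128-bit hash encoded as 22 characters."""
    salt = salt[:8]
    alt = hashlib.md5(key + salt + key).digest()
    ctx = hashlib.md5(key + b"$1$" + salt)
    ctx.update((alt * (len(key) // 16 + 1))[:len(key)])
    n = len(key)
    while n:  # one extra byte per bit of the key length
        ctx.update(b"\0" if n & 1 else key[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):  # fixed number of stretching rounds
        first, last = (key, final) if i & 1 else (final, key)
        mid = (salt if i % 3 else b"") + (key if i % 7 else b"")
        final = hashlib.md5(first + mid + last).digest()
    groups = [(final[a] << 16 | final[b] << 8 | final[c], 4) for a, b, c in
              ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))]
    groups.append((final[11], 2))
    enc = "".join(ITOA64[(v >> (6 * k)) & 0x3F] for v, n in groups for k in range(n))
    return "$1$" + salt.decode() + "$" + enc

def extract_key(line: str):
    """Key of a "password:" line: all text after the first space or tab following the colon."""
    name, colon, rest = line.rstrip("\r\n").partition(":")
    ws = re.search(r"[ \t]", rest)
    return rest[ws.end():] if name == "password" and colon and ws else None

def authorised(mntner: str, submission: str) -> bool:
    """True if any "password:" key matches any MD5-PW "auth:" line of the mntner."""
    keys = [k for k in map(extract_key, submission.splitlines()) if k is not None]
    for line in mntner.splitlines():
        parts = line.split()
        fields = parts[2].split("$") if len(parts) == 3 else []  # ["", "1", salt, hash]
        if parts[:2] != ["auth:", "MD5-PW"] or len(fields) != 4 or fields[:2] != ["", "1"]:
            continue  # other schemes (e.g. CRYPT-PW) are not checked in this example
        stored, salt = parts[2].encode(), fields[2].encode()
        if any(hmac.compare_digest(md5_crypt(k.encode(), salt).encode(), stored) for k in keys):
            return True
    return False

# Constructed mntner: both values are hashes of the key "password"
MNTNER = """mntner: EXAMPLE-MNT
auth: CRYPT-PW xxj31ZMTZzkVA
auth: MD5-PW $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.
"""
```

Because the key starts right after the first white-space character, any further leading spaces or tabs become part of the key, so `password:  password` (two spaces) does not match a hash of `password`.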