[db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
- Previous message (by thread): [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
- Next message (by thread): FW: [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Larry Blunk
ljb at merit.edu
Thu Oct 5 09:36:26 CEST 2006
Wilfried Woeber, UniVie/ACOnet wrote:
> Max Tulyev wrote:
>
>
>> Hi Katie!
>>
>> Why not just to hide encrypted password from public view (as it done
>> with e-mails)?
>>
>
> Even that is a bad hack which I resent, but eventually I gave in. We had
> done a similar thing in the past, with a different attribute, and we had to
> roll back.
>
> And we would have to invent just another flag to undo the hiding. This cannot
> be kept secret for long, so what?
> (Not doing that would actually require "everyone" to keep a *local*
> copy of the hash on backup for inclusion in the next update.
> That's asking for chaos :-( )
>
>
The IRRd software returns the special token "HIDDENCRYPTPW" for the
CRYPT-PW value.
Note this is 13 characters long and thus a legal CRYPT-PW value. If an
update is submitted with
this value, the existing CRYPT-PW is left in place. There is a very
small chance of a collision with
an actual password, but the probability is deemed to be too low to be of
concern for this application.
Things can get a bit tricky if one has multiple CRYPT-PW passwords. I
can go over the algorithm
used by IRRd in such cases if anyone cares.
-Larry Blunk
Merit Network
- Previous message (by thread): [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
- Next message (by thread): FW: [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]