[db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
- Previous message (by thread): [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
- Next message (by thread): FW: [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Larry Blunk
ljb at merit.edu
Thu Oct 5 09:36:26 CEST 2006
Wilfried Woeber, UniVie/ACOnet wrote: > Max Tulyev wrote: > > >> Hi Katie! >> >> Why not just to hide encrypted password from public view (as it done >> with e-mails)? >> > > Even that is a bad hack which I resent, but eventually I gave in. We had > done a similar thing in the past, with a different attribute, and we had to > roll back. > > And we would have to invent just another flag to undo the hiding. This cannot > be kept secret for long, so what? > (Not doing that would actually require "everyone" to keep a *local* > copy of the hash on backup for inclusion in the next update. > That's asking for chaos :-( ) > > The IRRd software returns the special token "HIDDENCRYPTPW" for the CRYPT-PW value. Note this is 13 characters long and thus a legal CRYPT-PW value. If an update is submitted with this value, the existing CRYPT-PW is left in place. There is a very small chance of a collision with an actual password, but the probability is deemed to be too low to be of concern for this application. Things can get a bit tricky if one has multiple CRYPT-PW passwords. I can go over the algorithm used by IRRd in such cases if anyone cares. -Larry Blunk Merit Network
- Previous message (by thread): [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
- Next message (by thread): FW: [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]