This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database

Previous message (by thread): [db-wg] Hiding MD5 hashes from users, was MD5 Hashes in the database
Next message (by thread): [db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Shane Kerr shane at time-travellers.org
Tue Nov 8 12:56:16 CET 2011

David,

On Tue, 2011-11-08 at 09:38 +0000, David Freedman wrote:
> I'd like to see auth: MD5-PW deprecated , even though it seems to be
> widely used (for various reasons)
> according to the report by DB presented to us. 

I propose that we deprecate  passwords over unencrypted channels. AFAIK
this just means e-mail today, although the web API stuff may also
provide an non-TLS option (I don't know).

Unlike hiding MD5, this is a major change for users, and would need to
be done with the same caution and preparation as similar large changes
in the past. We could have a warning phase, where anyone using a
password in email would get a scary warning in the reply telling them to
use a more secure scheme (PGP, X.509, webupdates, or database web API).
The RIPE NCC could identify heavy users and help them convert their
tools. And eventually we could flip the switch and turn off plain text
passwords.

--
Shane

Previous message (by thread): [db-wg] Hiding MD5 hashes from users, was MD5 Hashes in the database
Next message (by thread): [db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ db-wg Archives ]