[ncc-services-wg] Securing MD5 Hashes in the RIPE Database

On 11/11/2011 06:24 PM, Denis Walker wrote:
> [Apologies for duplicate emails]
>
> Dear colleagues,
>
> The RIPE NCC has formed a technical solution for the issue of
> publicly displaying MD5 password hashes in the RIPE Database. The
> solution includes:
>
> * Filtering out of all "auth:" attributes from all query results of
> MNTNER objects

Why filter all auth attributes? What if someone will want to use public 
key to send encrypted mail? :)

Also what about implementing stronger schemes for plain passwords like 
SHA-256,512?

> * Displaying MNTNER objects with "auth:" attributes only in
> Webupdates after password authentication
>
> We published an article on RIPE Labs describing the details, including a
> mockup of the password authentication required by Webupdates:
> https://labs.ripe.net/Members/denis/securing-md5-hashes-in-the-ripe-database
>
> Additionally, we added a basic strength indicator to the password
> generator:
> https://apps.db.ripe.net/crypt/crypt.html
>
> We look forward to your comments and feedback, either on the Database
> Working Group mailing list or below the article itself.
>
> Kind regards,
>
> Denis Walker
> Business Analyst
> RIPE NCC Database Group
>
>