Dear Chris,

I would like to make it clear that the objective is not to threaten to disclose the information but to improve security in RIPE. The main point is that the information has been known for 4 years, and during those 4 years only 25% of the hashes were changed; this should be corrected. I contacted database working members trying to solve this security problem in a democratic manner. Please don't hesitate to submit constructive solutions to this problem.

Regards,

On 5/6/15, Christiaan Ottow <chris@6core.net> wrote:
Hi Pierre,
On 05/05/15 23:20, Pierre Kim wrote:
Dear Chris,
My email was intended to propose having a safer authentication method.
I was hoping that RIPE will either:
- force users to change their passwords. After 4 years and the RIPE recommendation, 27.000 hashes are still being used out of a total of 36.000, without update. Only 25% of the hashes have been updated.
- deprecate MD5 in favour of stronger authentication methods.
Having 75% of valid hashes out in the wild is a concern, I think. Any security researcher who downloaded all the hashes could misuse this information.
I agree that having these hashes out there is a concern, and that it would be good if the MD5-crypt authentication method were disabled.
However, that is a policy decision with quite some impact, and I don't think one person should be forcing the RIPE community to do so by threatening to disclose the entire list of hashes. In common practice of responsible disclosure for software vulnerabilities, it is completely unacceptable to not only disclose the vuln but also dump the database, and here we're not even talking about a simple software vuln but about a policy change that affects many stakeholders.
I'm speaking only on behalf of myself as a member of the RIPE community, but I'd like to continue this meaningful discussion without a proverbial knife to anyone's throat.
-- chris
--
Pierre Kim
pierre.kim.sec@gmail.com
@PierreKimSec
https://pierrekim.github.io/