Dear Denis,

Thank you for your explanation in detail about what happened in 2011. It is indeed interesting to know.

--
Pierre Kim
pierre.kim.sec@gmail.com
@PierreKimSec
https://pierrekim.github.io/

On 5/5/15, denis walker <ripedenis@yahoo.co.uk> wrote:
Hi Pierre,

I would like to just clarify a few points in your email. Firstly the article you referred to was published in November 2011. At that time you could query for a MNTNER object and the MD5 hash was returned. Although there was no file available on the FTP site with a list of all MNTNER objects, as you know it was possible to download all the other bulk object files and create a list of all referenced MNTNER objects. There was no limit on how many of these could be queried so it was not difficult to get a list of all MD5 hashes.
Two days later, in November 2011, another article was published outlining the process of hiding the MD5 hashes: https://labs.ripe.net/Members/denis/securing-md5-hashes-in-the-ripe-database

This was accepted by the community and it was implemented in January 2012: https://www.ripe.net/ripe/mail/archives/db-wg/2012-January/003856.html

Since then it has not been possible to query for a MNTNER and receive the MD5 hash. In this second article, and again in the announcement to the DB WG, it stated "The RIPE NCC will then contact all the maintainers of MNTNER objects containing passwords and ask them to change these for new, strong passwords." As far as I remember all MNTNER holders with MD5 passwords were contacted and advised to change them.

cheers
Denis Walker
Independent Netizen
From: Pierre Kim <pierre.kim.sec@gmail.com>
To: db-wg@ripe.net
Sent: Monday, 4 May 2015, 22:12
Subject: [db-wg] MD5s of the RIPE database, Deprecation of MD5 and safe authentication methods
Dear Database Working Group Members,
I am contacting you to share my thoughts on the usage of MD5 in the RIPE database. I already discussed the problems concerning MD5 authentication with RIPE NCC Security <security@ripe.net> on 2 Apr 2015 and the RIPE NCC Security officer encouraged me to contact your group to work together on this issue.
In 2011, I had grabbed all the MD5s of the RIPE database before they were taken out from the public view and I don't think I was the only security researcher who downloaded all the hashes.
This john-compatible file (containing MNT logins and MD5 hashes) was never exposed to the public but the hashes can be (VERY) easily cracked. From the discussion with RIPE Security (who received a copy of this file), 27.000 usable hashes (on a total of 36.000) appeared to be valid till now.
By reading https://labs.ripe.net/Members/kranjbar/password-management-in-ripe-database , I see: "The MD5 hash is public, when running a single query (not for bulk queries)." I assume this was a known problem but the RIPE didn't alert that all the hashes have been retrieved, although there was some urgency to change the passwords or to use a safer authentication method.
When I discussed it with RIPE NCC Security, I gave a 90 day disclosure policy about this "public" information, starting from the 16 Apr 2015. The 90 day period can be adjusted by adding more days at the end if RIPE shows a good progress of the migration. I wanted to do responsible disclosure when I saw the RIPE Responsible Disclosure Policy which is a Really Good Thing, I think.
According to the RIPE transparency, as recommended by RIPE NCC Security, therefore I am now contacting this working group to work together because deprecation of MD5 is an important change in the RIPE database and it must be debated in a democratic manner.
My analysis is simple: The MD5 authentication has been broken for years and it's time to change to a more secure method. I think people need to be encouraged to move to SSO authentication. Using MD5 now is unsafe and dangerous, especially with unchanged 4-year-old passwords.
Please share your thoughts about this situation. I will be happy to debate with you.
I want to thank Ivo Dijkhuis, RIPE NCC Information Security Officer, for the quality of the exchanges we had.
Regards,
--
Pierre Kim
pierre.kim.sec@gmail.com
@PierreKimSec
https://pierrekim.github.io/