Dear Colleagues,

You may remember that at the RIPE-41 it was agreed to improve the security of password (passphrase) based auth-schemes by introducing the MD5 hash algorithm for password encryption.

Please find enclosed the MD5 proposal for your comments and suggestions.

Regards,

Andrei Robachevsky
DB Group Manager
RIPE NCC

Improving security of password (passphrase) based auth schemes (MD5 proposal)
-============================================================================-

Introduction
------------

Currently the RIPE Database implements only one password-based "auth" scheme, the "CRYPT-PW" scheme. This scheme uses an encryption process which is similar to that used to make and check login passwords in UNIX. A password is chosen by the user; this is encrypted using DEC crypt(3) and put in the database. The encrypted password can be seen by everyone. The user sends the clear password in the same mail as the request to change an object, using the "password:" pseudo-attribute.

Motivation
----------

The main flaw of the CRYPT-PW scheme is that the password is limited to 8 characters, which makes exhaustive searches of the key space possible given that the crypted password is publicly available. Also, the DES algorithm itself has a few quirks which lower the security of the scheme. Allowing longer keys and using a more secure encryption algorithm could improve the security of the password-based auth scheme.

Proposal
--------

A new "auth:" scheme is introduced, based on the MD5 hash algorithm. The format of the new "auth" scheme is:

    auth: MD5-PW <digest>

where <digest> is a 128-bit MD5 digest. For example:

    auth: MD5-PW 4aabd3dbc0746c8a4b5467f99a4f8524

When submitting an update to the database that needs to be authorised using this scheme, a "password:" pseudo-attribute must be used to submit a key (passphrase). Line continuation is not allowed for this attribute, so the whole key should fit on one line. If the key gets split across multiple lines, this will be treated as a syntax error.

If the mntner that defines authorisation information for the submission has CRYPT-PW and MD5-PW "auth" schemes, the key specified by "password:" will be checked for both types.
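
An added example, not part of the original proposal or of the RIPE Database code: a sketch of the check described above, where one "password:" key is tried against every "auth:" line of the mntner. It assumes <digest> is the unsalted hex MD5 of the passphrase bytes (the proposal does not spell out how the digest is computed), that whitespace around the key is ignored, and that a continuation line starts with a space, tab or '+'; the function names and the crypt_check hook are hypothetical.

```python
import hashlib
import hmac
import re

DIGEST_RE = re.compile(r"^[0-9a-f]{32}$")  # 128 bits written as 32 hex characters

def md5_pw_digest(passphrase):
    # Assumption: unsalted MD5 over the UTF-8 bytes of the key, hex encoded.
    return hashlib.md5(passphrase.encode("utf-8")).hexdigest()

def parse_auth(mntner_text):
    """Return (scheme, value) pairs taken from the "auth:" lines of a mntner."""
    pairs = []
    for line in mntner_text.splitlines():
        name, _, value = line.partition(":")
        fields = value.split()
        if name.strip().lower() == "auth" and len(fields) == 2:
            pairs.append((fields[0].upper(), fields[1]))
    return pairs

def extract_password(update_text):
    """Return the key from "password:"; a continued key is a syntax error."""
    lines = update_text.splitlines()
    for i, line in enumerate(lines):
        if line.lower().startswith("password:"):
            following = lines[i + 1] if i + 1 < len(lines) else ""
            if following[:1] in (" ", "\t", "+"):
                raise ValueError("syntax error: password: must fit on one line")
            return line.split(":", 1)[1].strip()
    return None

def authorised(mntner_text, update_text, crypt_check=None):
    """Try the submitted key against both MD5-PW and CRYPT-PW "auth:" lines."""
    key = extract_password(update_text)
    if key is None:
        return False
    for scheme, value in parse_auth(mntner_text):
        if scheme == "MD5-PW" and DIGEST_RE.match(value.lower()):
            # Constant-time comparison of the computed and stored digests.
            if hmac.compare_digest(md5_pw_digest(key), value.lower()):
                return True
        elif scheme == "CRYPT-PW" and crypt_check is not None:
            # crypt_check(key, stored) is a caller-supplied crypt(3) verifier.
            if crypt_check(key, value):
                return True
    return False
```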