Dear Colleagues,
Please let me summarise the additions and modifications to the proposal, and present the next approximation to you.
Only changes to the proposal are included below.
Would it be possible to respond with your comments by the end of next week so we can proceed with implementation?
----- Original Message -----
From: "Andrei Robachevsky" <andrei@ripe.net>
To: "Andrei Robachevsky" <andrei@ripe.net>
Cc: <db-wg@ripe.net>
Sent: Thursday, March 28, 2002 6:02 PM
Subject: Re: MD5 proposal

Improving security of password (passphrase) based auth schemes (MD5 proposal)
=========================================================================
[...]
Proposal
--------
A new "auth:" scheme is introduced based on the MD5 hash algorithm. The format
of the new "auth" scheme is:

auth: MD5-PW <md5-crypt>

where <md5-crypt> is the output of md5-crypt, which is the concatenation of "$1$", the salt, and the 128-bit hash output.

For example:

auth: MD5-PW $1$sD9e4pQn$1832L4.BxsZHusy0plg8i0

#A comment: We feel that despite $1$ indication of the algorithm used we need
#this separate "MD5-PW" label. Our experience shows that every effort made to
#avoid confusion is eventually paid back.
#Another comment: we would appreciate it if someone writes an
#internet-draft on md5-crypt and processes it through IETF, as Randy
#suggested.

At the first character after the first white space (space or tab)
following the colon (":")

When submitting an update to the database that needs to be authorised using this scheme, a "password:" pseudo-attribute must be used to submit a key (passphrase). Line continuation is not allowed for this attribute, so the whole key should fit on one line. If the key gets split across multiple lines this will be treated as a syntax error.

The value of the key starts at the first character after the first white space following the colon (":").

If the mntner that defines authorisation information for the submission has CRYPT-PW and MD5-PW "auth" schemes, the key specified by "password:" will be checked for both types.
Regards,
Andrei Robachevsky RIPE NCC
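
Added example, not part of the original message and not RIPE NCC code: a Python sketch of how a "password:" key could be checked against a mntner's MD5-PW "auth:" values as the proposal describes. The function names, the sample mntner lines and the literal reading of where the key starts are assumptions of this example; CRYPT-PW and other schemes are skipped rather than implemented.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def md5_crypt(key: bytes, salt: bytes) -> str:
    """md5-crypt: "$1$" + salt + "$" + 22-character encoding of the 128-bit hash."""
    salt = salt[:8]
    alt = hashlib.md5(key + salt + key).digest()
    ctx = hashlib.md5(key + b"$1$" + salt)
    ctx.update((alt * (len(key) // 16 + 1))[:len(key)])
    n = len(key)
    while n:  # one byte per bit of the key length
        ctx.update(b"\0" if n & 1 else key[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):  # fixed 1000-round stretching loop
        parts = [key if i & 1 else final]
        if i % 3:
            parts.append(salt)
        if i % 7:
            parts.append(key)
        parts.append(final if i & 1 else key)
        final = hashlib.md5(b"".join(parts)).digest()
    out = []
    for a, b, c, n in ((0, 6, 12, 4), (1, 7, 13, 4), (2, 8, 14, 4),
                       (3, 9, 15, 4), (4, 10, 5, 4), (None, None, 11, 2)):
        v = final[c] if a is None else final[a] << 16 | final[b] << 8 | final[c]
        for _ in range(n):  # least significant 6 bits first
            out.append(ITOA64[v & 0x3F])
            v >>= 6
    return "$1$" + salt.decode() + "$" + "".join(out)

def password_value(line: str) -> str:
    """Key = everything after the first space or tab following the colon
    (this example's literal reading of the rule); one line only."""
    name, _, rest = line.rstrip("\r\n").partition(":")
    idx = min((i for i in (rest.find(" "), rest.find("\t")) if i >= 0), default=-1)
    if name != "password" or idx < 0:
        raise ValueError("not a usable password: line")
    return rest[idx + 1:]

def authorised(auth_lines, password_line: str) -> bool:
    """True if the key matches any MD5-PW value; other schemes are skipped here."""
    key, ok = password_value(password_line).encode(), False
    for fields in (line.split() for line in auth_lines):
        if len(fields) == 3 and fields[:2] == ["auth:", "MD5-PW"]:
            parts = fields[2].split("$")  # ["", "1", salt, hash]
            if len(parts) == 4 and parts[1] == "1":
                mine = md5_crypt(key, parts[2].encode()).encode()
                ok |= hmac.compare_digest(mine, fields[2].encode())
    return ok

# Constructed sample mntner: key "password", salt "xxxxxxxx".
SAMPLE_AUTH = ["auth: CRYPT-PW xxj31ZMTZzkVA",
               "auth: MD5-PW $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a."]
```

The stored value is compared with hmac.compare_digest so the check does not leak how many leading characters matched.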