On 11/11/2011 06:24 PM, Denis Walker wrote:
[Apologies for duplicate emails]
Dear colleagues,
The RIPE NCC has formed a technical solution for the issue of publicly displaying MD5 password hashes in the RIPE Database. The solution includes:
* Filtering out of all "auth:" attributes from all query results of MNTNER objects
Why filter all auth attributes? What if someone will want to use public key to send encrypted mail? :) Also what about implementing stronger schemes for plain passwords like SHA-256,512?
* Displaying MNTNER objects with "auth:" attributes only in Webupdates after password authentication
We published an article on RIPE Labs describing the details, including a mockup of the password authentication required by Webupdates: https://labs.ripe.net/Members/denis/securing-md5-hashes-in-the-ripe-database
Additionally, we added a basic strength indicator to the password generator: https://apps.db.ripe.net/crypt/crypt.html
We look forward to your comments and feedback, either on the Database Working Group mailing list or below the article itself.
Kind regards,
Denis Walker Business Analyst RIPE NCC Database Group