Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[AFRINIC-rpd] leaks passwords

Guy Antony Halse G.halse at
Thu Nov 22 06:49:43 UTC 2012


On Thu 2012-11-22 (09:50), Adiel Akplogan wrote:
> Our thinking is around a) Encouraging people to use PGP or X.509 
> instead of MD-5 b) Doing what you are suggesting and filter
> out the MD-5 encrypted password while displaying mntner queries 
> output, and/or c) gradually phase out MD-5 completely to only allow 
> PGP and X.509. In my sense a combination of (b) and (c) could be 
> the appropriate way to handle this for the long term. 

Or d) introduce an alternative as-yet-uncompromised password encryption
mechanism, such as SHA512. (perhaps whilst still doing b)).

Or e) extend to provide a web interface for maintaining
objects (the current version doesn't support all objects).

Or f) provide an HTTP-based API (as EPP did for DNS).  This would
allow/encourage people to automate maintenance tasks.

Sticking with e-mail, while I personally like the idea of X.509 (S/MIME), it
raises the barrier to entry for smaller members and might be difficult to
manage in a large environment.  (A password is easy to store in an
enterprise password safe, and easy for a number of people to use.)  There's
a lot to be said for keeping it simple.

- Guy
Manager: Systems, IT Division, Rhodes University, Grahamstown, South Africa
Email: G.Halse at   Web:   IRC: rm-rf at
*** ANSI Standard Disclaimer ***                                    J.A.P.H

More information about the RPD mailing list