[134767] in North American Network Operators' Group


Re: AltDB? (IRR support & direction at ARIN)

daemon@ATHENA.MIT.EDU (Jeff Wheeler)
Mon Jan 10 17:54:11 2011

In-Reply-To: <Pine.LNX.4.61.1101100026130.5148@soloth.lewis.org>
Date: Mon, 10 Jan 2011 17:54:03 -0500
From: Jeff Wheeler <jsw@inconcepts.biz>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mon, Jan 10, 2011 at 12:37 PM, Jon Lewis <jlewis@lewis.org> wrote:
> On Sun, 9 Jan 2011, Charles N Wyble wrote:
>
>>> I am simply suggesting it is dangerous and irresponsible to run an IRR
>>> with only MAIL-FROM authentication, and quite easy to also support
>>> CRYPT-PW.  ARIN should either support passwords or immediately make
>
> The trouble is, since the DES crypt passwords are publicly accessible, even
> CRYPT-PW is not much security.  I suspect with a copy of the db, a password
> cracking program, and some modest computing capacity, you could crack all

DES crypt() is not completely trivial yet, but I agree, it is far from
state-of-the-art.  It is substantially superior to MAIL-FROM.  In
addition, MERIT reduced this problem by simply filtering out the
hashes from the RADB.db file and whois output (and presumably also,
the www.radb.net tools.)

-- 
Jeff S Wheeler <jsw@inconcepts.biz>
Sr Network Operator  /  Innovative Network Concepts
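
The following is an added example, not part of the original message and not MERIT's or ARIN's code: a registry-side check over an RPSL dump that lists maintainers protected only by MAIL-FROM and strips CRYPT-PW hash values before the dump is published. It assumes the RFC 2725 `auth:` attribute syntax; the sample objects, the hash string and the `HIDDEN` marker are constructed for illustration.

```python
import re

# Constructed sample mntner objects (not real registry data).
SAMPLE_DB = """\
mntner:     MAINT-EXAMPLE-A
descr:      Example network A
auth:       MAIL-FROM noc@example.net
source:     EXAMPLE

mntner:     MAINT-EXAMPLE-B
descr:      Example network B
auth:       CRYPT-PW zzCONSTRUCTED
auth:       MAIL-FROM hostmaster@example.org
source:     EXAMPLE
"""

# "auth:" attribute: scheme name followed by an optional value.
AUTH_RE = re.compile(r"^(auth:\s*)(\S+)(?:\s+(.*))?$", re.IGNORECASE)

def parse_objects(text):
    """Split a dump into objects; RPSL objects are separated by blank lines."""
    return [b.splitlines() for b in re.split(r"\n\s*\n", text.strip()) if b.strip()]

def auth_schemes(obj):
    """Set of auth scheme names (upper-cased) used by one object."""
    return {m.group(2).upper() for m in map(AUTH_RE.match, obj) if m}

def mail_from_only(text):
    """Names of mntner objects whose only protection is MAIL-FROM."""
    return [obj[0].split(":", 1)[1].strip()
            for obj in parse_objects(text)
            if obj[0].lower().startswith("mntner:")
            and auth_schemes(obj) == {"MAIL-FROM"}]

def redact_hashes(text):
    """Public export: keep the CRYPT-PW scheme name, drop the hash value."""
    out = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m and m.group(2).upper() == "CRYPT-PW":
            line = f"{m.group(1)}{m.group(2)} HIDDEN"  # HIDDEN is an assumed marker
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print("MAIL-FROM only:", mail_from_only(SAMPLE_DB))
    print(redact_hashes(SAMPLE_DB))
```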

