[19910] in North American Network Operators' Group
Re: InterNIC modification
daemon@ATHENA.MIT.EDU (Jay R. Ashworth)
Wed Sep 30 20:37:29 1998
Date: Wed, 30 Sep 1998 20:19:59 -0400
From: "Jay R. Ashworth" <jra@scfn.thpl.lib.fl.us>
To: nanog@merit.edu
In-Reply-To: <19980928191825.35869@shell.nacs.net>; from "Steven J. Sobol" <sjsobol@nacs.net> on Mon, Sep 28, 1998 at 07:18:25PM -0400
On Mon, Sep 28, 1998 at 07:18:25PM -0400, Steven J. Sobol wrote:
> > > Note that CRYPT-PW apparently only refers to how the passwords are stored
> > > on the InterNIC's servers; they're sent in plaintext when you e-mail the
> > > form.
> >
> > Well, you know... no.
> > I've seen the mail generated when you fill in the webform, and choose
> > CRYPT-PW. The CGI script encrypts the cleartext password, and that's
> > what's in the field in the email when it's mailed to you for
> > forwarding.
>
> Jay, my friend, I hate to be argumentative, but...
>
> Authorization
> 0a. (N)ew (M)odify (D)elete.........: M
> 0b. Auth Scheme.....................: CRYPT-PW
> 0c. Auth Info.......................: sj.3989.
>
> That is indeed the password associated with my NIC handle. Or was,
> anyhow. I've since changed it.
>
> That was in the e-mail sent to me, which was not PGP'd or encrypted in
> any way.
They've changed it, then. When I last used CRYPT-PW to register a
domain, I entered my password into the webform and the mail I was sent
to forward back in had a crypt(2) looking string in that position.
> For that matter, the OLD password is not encrypted on the contact form
> if you are modifying contact information for a certain handle, either.
The entire operation is pretty teen-age, as fas as I'm concerned.
> I guess that is supposed to make it easier to fill in the text file and
> mail it, as opposed to going to the web site. But it defeats the whole purpose
> of having an encrypted password.
Quite.
Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Member of the Technical Staff "The net is safer in bad weather: you
The Suncoast Freenet can't run a backhoe
Tampa Bay, Florida in a hurricane." (after Sean Donelan) +1 813 790 7592
Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com
