New "auth" scheme, MD5-PW, in the RIPE Database -=============================================- Introduction ------------ Currently the RIPE Database implements the only password based "auth" scheme, which is "CRYPT-PW" scheme. This scheme uses an encryption process which is similar to that used to make and check login passwords in UNIX. A password is chosen by the user; this is encrypted using DEC crypt(3) and put in the database. The encrypted password can be seen by everyone. The user sends the clear password in the same mail as the request to change an object using "password:" pseudo attribute. Motivation ---------- The main flaw of the CRYPT-PW scheme is that password is limited to 8 characters, which makes exhaustive searches of the key space possible given that crypted password is publicly available. Also the DES algorithm itself has a few quirks which lower the security of the scheme. Allowing longer keys and using more secure encryption algorithm could improve security of password-based auth scheme. Implementation -------------- A new "auth:" scheme is introduced based on MD5 hash algorithm. The format of the new "auth" scheme is: auth: MD5-PW where is an output of the md5-crypt, which is concatenation of "$1$" string, the salt, and the 128-bit hash output. For example: auth: MD5-PW $1$sD9e4pQn$1832L4.BxsZHusy0plg8i0 When submitting an update to the database that needs to be authorised using this scheme, a "password:" pseudo attribute must be used to submit a key (passphrase). The value of the key starts at the first non-white space character after the colon. Line continuation is not allowed for this pseudo attribute, so the whole pseudo attribute should fit on one line. If it gets split across multiple lines this will be treated as syntax error. If the mntner that defines authorisation information for the submission has CRYPT-PW and MD5-PW "auth" schemes, the key specified by "password:" will be checked for both types.