InterNIC modification
Jared Mauch
jared at puck.nether.net
Mon Sep 28 23:50:01 UTC 1998
On Mon, Sep 28, 1998 at 07:18:25PM -0400, Steven J. Sobol wrote:
> On Mon, Sep 28, 1998 at 05:15:30PM -0400, Jay R. Ashworth wrote:
> > On Sun, Sep 27, 1998 at 11:14:42PM -0400, Steven J. Sobol wrote:
> > > I've found that on changes to domains for which I'm already a contact,
> > > setting my authentication to CRYPT-PW works well, causing changes to be
> > > completed within hours.
> > >
> > > Note that CRYPT-PW apparently only refers to how the passwords are stored
> > > on the InterNIC's servers; they're sent in plaintext when you e-mail the
> > > form.
> >
> > Well, you know... no.
> > I've seen the mail generated when you fill in the webform, and choose
> > CRYPT-PW. The CGI script encrypts the cleartext password, and that's
> > what's in the field in the email when it's mailed to you for
> > forwarding.
>
> Jay, my friend, I hate to be argumentative, but...
>
> Authorization
> 0a. (N)ew (M)odify (D)elete.........: M
> 0b. Auth Scheme.....................: CRYPT-PW
> 0c. Auth Info.......................: sj.3989.
>
> That is indeed the password associated with my NIC handle. Or was,
> anyhow. I've since changed it.
>
> That was in the e-mail sent to me, which was not PGP'd or encrypted in
> any way.
>
> This is rather silly. YES, it IS encrypted when you originally set the
> password. It IS NOT encrypted in a domain registration form though. It should
> be.
Then what stops me from finding your original crypt() and
sending that in.
In the case of what you want, pgp is the correct
solution.
More information about the NANOG
mailing list