AltDB? (IRR support & direction at ARIN)

Jeff Wheeler jsw at inconcepts.biz
Mon Jan 10 16:54:03 CST 2011


On Mon, Jan 10, 2011 at 12:37 PM, Jon Lewis <jlewis at lewis.org> wrote:
> On Sun, 9 Jan 2011, Charles N Wyble wrote:
>
>>> I am simply suggesting it is dangerous and irresponsible to run an IRR
>>> with only MAIL-FROM authentication, and quite easy to also support
>>> CRYPT-PW.  ARIN should either support passwords or immediately make
>
> The trouble is, since the DES crypt passwords are publicly accessible, even
> CRYPT-PW is not much security.  I suspect with a copy of the db, a passsword
> cracking program, and some modest computing capacity, you could crack all

DES crypt() is not completely trivial yet, but I agree, it is far from
state-of-the-art.  It is substantially superior to MAIL-FROM.  In
addition, MERIT reduced this problem by simply filtering out the
hashes from the RADB.db file and whois output (and presumably also,
the www.radb.net tools.)

-- 
Jeff S Wheeler <jsw at inconcepts.biz>
Sr Network Operator  /  Innovative Network Concepts




More information about the NANOG mailing list