MI5 hate encryption so much, they don't use it!]
Quentin Campbell
Q.G.Campbell at newcastle.ac.uk
Wed, 3 Jul 2002 14:37:30 +0100
> -----Original Message-----
> From: Nexus [mailto:nexus@patrol.i-way.co.uk]=20
> Sent: 03 July 2002 13:49
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Re: MI5 hate encryption so much, they don't use it!]
>=20
>=20
> Well they won't be able to use MAIL FROM: for much longer,=20
> viz http://www.ripe.net/db/MD5-HOWTO.html
> I also note that RIPE themselves warn of the dangers of using=20
> either MD5-PW or CRYPT-PW at=20
> http://www.ripe.net/ripencc/pub-services/db/security.html
>=20
[snip]
The latter URL gives some odd and contradictory advice on
authentication, suggesting using PGP but leaving a "backdoor" that uses
a weaker mechanism.
After pointing out that CRYPT-PW is less secure than MD5-PW, which is
itself also open to password cracking or e-mail snooping, it says "If,
for whatever reason, a user does not feel comfortable with only PGPKEY
[authentication] and prefers to leave a "backdoor", please use CRYPT-PW
as an addition[al authentication method], choosing a good password, but
use PGPKEY for daily operations."
When the experts at RIPE are offering that sort of advice perhaps Ben
was being a little hard on MI5. :-)
Quentin
---
PHONE: +44 191 222 8209 Computing Service, University of Newcastle
FAX: +44 191 222 8765 Newcastle upon Tyne, United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own."=20