MI5 hate encryption so much, they don't use it!]
Ben Laurie
ben at algroup.co.uk
Wed, 03 Jul 2002 16:40:13 +0100
Nexus wrote:
> Well they won't be able to use MAIL FROM: for much longer, viz
> http://www.ripe.net/db/MD5-HOWTO.html
> I also note that RIPE themselves warn of the dangers of using either MD5-PW
> or CRYPT-PW at http://www.ripe.net/ripencc/pub-services/db/security.html
Oh yes, this isn't exactly news, which is what makes it even more
surprising.
> Still, breaking the MD5-PW will take a bit of grunt as they use an 8
> character salt, but it could still be done.
> http://www.ripe.net/cgi-bin/cgicrypt.pl.cgi
Agreed - of course, the exposure of the password in plaintext in emails
should also be cause for concern, as I noted.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff