North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: InterNIC modification
On Mon, Sep 28, 1998 at 07:18:25PM -0400, Steven J. Sobol wrote: > On Mon, Sep 28, 1998 at 05:15:30PM -0400, Jay R. Ashworth wrote: > > On Sun, Sep 27, 1998 at 11:14:42PM -0400, Steven J. Sobol wrote: > > > I've found that on changes to domains for which I'm already a contact, > > > setting my authentication to CRYPT-PW works well, causing changes to be > > > completed within hours. > > > > > > Note that CRYPT-PW apparently only refers to how the passwords are stored > > > on the InterNIC's servers; they're sent in plaintext when you e-mail the > > > form. > > > > Well, you know... no. > > I've seen the mail generated when you fill in the webform, and choose > > CRYPT-PW. The CGI script encrypts the cleartext password, and that's > > what's in the field in the email when it's mailed to you for > > forwarding. > > Jay, my friend, I hate to be argumentative, but... > > Authorization > 0a. (N)ew (M)odify (D)elete.........: M > 0b. Auth Scheme.....................: CRYPT-PW > 0c. Auth Info.......................: sj.3989. > > That is indeed the password associated with my NIC handle. Or was, > anyhow. I've since changed it. > > That was in the e-mail sent to me, which was not PGP'd or encrypted in > any way. > > This is rather silly. YES, it IS encrypted when you originally set the > password. It IS NOT encrypted in a domain registration form though. It should > be. Then what stops me from finding your original crypt() and sending that in. In the case of what you want, pgp is the correct solution.
|