North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: InterNIC modification
On Mon, Sep 28, 1998 at 07:18:25PM -0400, Steven J. Sobol wrote: > > > Note that CRYPT-PW apparently only refers to how the passwords are stored > > > on the InterNIC's servers; they're sent in plaintext when you e-mail the > > > form. > > > > Well, you know... no. > > I've seen the mail generated when you fill in the webform, and choose > > CRYPT-PW. The CGI script encrypts the cleartext password, and that's > > what's in the field in the email when it's mailed to you for > > forwarding. > > Jay, my friend, I hate to be argumentative, but... > > Authorization > 0a. (N)ew (M)odify (D)elete.........: M > 0b. Auth Scheme.....................: CRYPT-PW > 0c. Auth Info.......................: sj.3989. > > That is indeed the password associated with my NIC handle. Or was, > anyhow. I've since changed it. > > That was in the e-mail sent to me, which was not PGP'd or encrypted in > any way. They've changed it, then. When I last used CRYPT-PW to register a domain, I entered my password into the webform and the mail I was sent to forward back in had a crypt(2) looking string in that position. > For that matter, the OLD password is not encrypted on the contact form > if you are modifying contact information for a certain handle, either. The entire operation is pretty teen-age, as fas as I'm concerned. > I guess that is supposed to make it easier to fill in the text file and > mail it, as opposed to going to the web site. But it defeats the whole purpose > of having an encrypted password. Quite. Cheers, -- jra -- Jay R. Ashworth [email protected] Member of the Technical Staff "The net is safer in bad weather: you The Suncoast Freenet can't run a backhoe Tampa Bay, Florida in a hurricane." (after Sean Donelan) +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com
|