Info! Please note that this translation has been provided at best effort, for your convenience. The English page remains the official version.

Deprecation of CRYPT and MD5

Published On -
Deprecation of CRYPT and MD5

Authentication mechanisms for a safer WHOIS Database

AFRINIC is currently engaged in several undertakings in line with our commitment to improving the security and accuracy of the WHOIS Database, following the misappropriation of IP addresses in the WHOIS Database.

One of the security challenges inherent to the operation of the WHOIS Database has been the continued support for MD5 and CRYPT authentication mechanisms and password hashing algorithms.

In 2017, partial deprecation of CRYPT and MD5 authentication mechanisms was done. Consequently, a user could no longer create or update their maintainer(s) with a password hashed using these algorithms.

However, already existing passwords hashed by these algorithms could still be used to effect updates on database objects. Effective 12 December 2020, we shall fully deprecate support for CRYPT and MD5 authentication mechanisms. 

bcrypt 1The passwords will no longer work on updating other objects, except to allow an update of the maintainer object with an acceptable authentication mechanism.

Going forward, we are offering the possibility for users  to work with any of the following recommended authentication mechanisms  with their maintainers for WHOIS Database authentication:

BCRYPT PGP key X-509 key

 

This will be an added layer of safety in the WHOIS Database as we align with the current industry best practices for password hashing and storage. We encourage you to read more on maintainers here.

For any further inquiry and support on how to update the authentication mechanism, please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it..

 

 

 

 simone blog1

Simon Seruyinda

Database Manager @AFRINIC