North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: InterNIC modification
On Mon, Sep 28, 1998 at 05:15:30PM -0400, Jay R. Ashworth wrote: > On Sun, Sep 27, 1998 at 11:14:42PM -0400, Steven J. Sobol wrote: > > I've found that on changes to domains for which I'm already a contact, > > setting my authentication to CRYPT-PW works well, causing changes to be > > completed within hours. > > > > Note that CRYPT-PW apparently only refers to how the passwords are stored > > on the InterNIC's servers; they're sent in plaintext when you e-mail the > > form. > > Well, you know... no. > I've seen the mail generated when you fill in the webform, and choose > CRYPT-PW. The CGI script encrypts the cleartext password, and that's > what's in the field in the email when it's mailed to you for > forwarding. Jay, my friend, I hate to be argumentative, but... Authorization 0a. (N)ew (M)odify (D)elete.........: M 0b. Auth Scheme.....................: CRYPT-PW 0c. Auth Info.......................: sj.3989. That is indeed the password associated with my NIC handle. Or was, anyhow. I've since changed it. That was in the e-mail sent to me, which was not PGP'd or encrypted in any way. This is rather silly. YES, it IS encrypted when you originally set the password. It IS NOT encrypted in a domain registration form though. It should be. For that matter, the OLD password is not encrypted on the contact form if you are modifying contact information for a certain handle, either. I guess that is supposed to make it easier to fill in the text file and mail it, as opposed to going to the web site. But it defeats the whole purpose of having an encrypted password. Are people still having trouble with PGP, or has it been fixed? -- Anyone who spams me will be subject to torture by Jake, my killer attack hedgehog, and/or Lizzy and Junior, my man-eating iguanas.