
Authentication mechanisms for a safer WHOIS Database

 

AFRINIC is currently engaged in several undertakings in line with our commitment to improving the security and accuracy of the WHOIS Database, following the misappropriation of IP addresses in the WHOIS Database.

One of the security challenges inherent to the operation of the WHOIS Database has been the continued support for MD5 and CRYPT authentication mechanisms and password hashing algorithms.

In 2017, the CRYPT and MD5 authentication mechanisms were partially deprecated. Consequently, a user could no longer create or update their maintainer(s) with a password hashed using these algorithms.

However, existing passwords hashed with these algorithms could still be used to effect updates on database objects. Effective 12 December 2020, we shall fully deprecate support for the CRYPT and MD5 authentication mechanisms. These passwords will no longer work for updating other objects; they will only allow an update of the maintainer object itself to an acceptable authentication mechanism.

Going forward, users can use any of the following recommended authentication mechanisms with their maintainers for WHOIS Database authentication:

  • BCRYPT
  • PGP key
  • X.509 key

This will be an added layer of safety in the WHOIS Database as we align with the current industry best practices for password hashing and storage. We encourage you to read more on maintainers here.

For any further inquiry and support on how to update the authentication mechanism, please contact us at hostmaster@afrinic.net.

 
