Authentication mechanisms for a safer WHOIS Database

AFRINIC is currently engaged in several undertakings in line with our commitment to improving the security and accuracy of the WHOIS Database, following the misappropriation of IP addresses in the WHOIS Database.

One of the security challenges inherent to the operation of the WHOIS Database has been the continued support for MD5 and CRYPT authentication mechanisms and password hashing algorithms.

In 2017, partial deprecation of CRYPT and MD5 authentication mechanisms was done. Consequently, a user could no longer create or update their maintainer(s) with a password hashed using these algorithms.

However, already existing passwords hashed by these algorithms could still be used to effect updates on database objects. Effective 12 December 2020, we shall fully deprecate support for CRYPT and MD5 authentication mechanisms. The passwords will no longer work on updating other objects, except to allow an update of the maintainer object with an acceptable authentication mechanism.

In the future, we are offering the possibility for users to work with any of the following recommended authentication mechanisms with their maintainers for WHOIS Database authentication:

• BCRYPT
• PGP key
• X-509 key

This will be an added layer of safety in the WHOIS Database as we align with the current industry best practices for password hashing and storage. We encourage you to read more on maintainers here.

For any further inquiry and support on how to update the authentication mechanism, please contact us at hostmaster@afrinic.net.

Continue