Dear colleagues,

You will find below an updated draft of the migration plan to remove MD5 hashed 
passwords from the RIPE Database in 2025.

The original migration plan was announced last September to the DB-WG and at 
RIPE 89 in October:
https://mailman.ripe.net/archives/list/[email protected]/thread/FTOPBPOGWIQFQPREKX64LOT6EOWUSTCR/

Thank you all for your valuable feedback, which we have taken into 
consideration, and in summary we now plan to deploy support for OAuth 2.0 in 
mid-2025, and we will delay the phase-out of MD5 hashed passwords completely to 
the end of 2025. 

The updated migration plan is as follows:
* 30 January: Introduced support for API keys in the RIPE Database. 
* Q2 2025: Remove all MD5 hashed passwords that have not been used for 
authentication in the past year. This new step reduces the risk of having so 
many MD5 hashes in the database in case of a data breach, while minimising 
inconvenience for maintainers that are actively using passwords. This step will 
affect about 14,000 maintainers who have an alternative method of 
authentication (out of 62,000 total maintainers), and about 2,000 maintainers 
with no alternative method of authentication other than passwords. We will 
communicate this in advance to the DB-WG and to affected maintainers, and 
encourage them to switch to an alternative authentication method.
* Q3 2025: Introduce support for OAuth 2.0 authentication, which will provide 
automation, including key rollover.
* Q3 2025: Communicate to the DB-WG and affected maintainers that we plan to 
remove support for MD5 hashed passwords before the end of 2025.
* Q3 2025: Select batches of maintainers to migrate away from passwords.
        * Warn that we will remove their MD5 hashed passwords in one month
        * Assist anyone who asks for help to switch to an alternative
        * Remove MD5 hashed passwords in batches
* Q4 2025: Remove support for MD5 hashed passwords altogether. After that, any 
maintainers without an alternative authentication method must follow the 
“Forgot Maintainer Password” process, or contact the RIPE Database support 
directly.

Please let us know if you have any comments on the details and timing.

Regards
Ed Shryane 
RIPE NCC
