Dear colleagues, In answer to an off-list question, to clarify below there are just over 62,000 maintainers in total, and just over 18,000 maintainers with at least one MD5 hashed password. Only 1,446 distinct maintainers from those 18,000 used one of those MD5 hashed passwords to authenticate an update between the beginning of 2024 to mid-March 2025. In Q2 we plan to remove all passwords which have not been in use since the beginning of 2024. Regards Ed Shryane RIPE NCC
On 31 Mar 2025, at 15:55, Edward Shryane <eshryane@ripe.net> wrote:
Dear colleagues,
According to January's updated migration plan to remove all MD5 hashed passwords from the RIPE database in 2025 : https://mailman.ripe.net/archives/list/db-wg@ripe.net/thread/NGCRQWJPF7MT24V...
In Q2 2025, the RIPE NCC plans to remove all MD5 hashed passwords that have not been used for authentication in the past year, to reduce the risk of having so many MD5 hashes in the database in case of a data breach.
Using 1st January 2024 as a cut-off, we found this will affect approximately 17,000 out of 62,000 maintainers.
Accordingly, between this April and June, we will split these affected 17,000 maintainers into small groups and email each group separately, explaining that we plan to remove any such hash(es) from their mntner object. We will give each group at least one week's notice before updating their mntner object. We will not quote a password hash in any email to avoid exposing it, the maintainer is expected to know which password(s) are in active use.
Affected maintainers will be free to create a replacement MD5 hashed password themselves. However as passwords will be removed by the end of 2025, we will encourage them to switch to an alternative authentication method instead, such as API keys.
Most affected maintainers have an alternative method of authentication. However, approximately 3,000 of those do *not* have any alternative. If a maintainer is left without any authentication method, the Forgot Maintainer Password process will have to be followed to regain access to the maintainer. We plan to leave these maintainers until last.
Please let us know your comments and/or questions regarding this planned change.
Regards Ed Shryane RIPE NCC