News

AFRINIC undertook an audit of all IPv4 number resources, which consisted of verifying the rightful custodianship of those resources. The audit also verifies the processes adopted for the allocation of IPv4 number resources and includes both legacy and non-legacy resources that fall under AFRINIC’s service region.

The report also highlights the actions taken by AFRINIC, so far, to keep its stakeholders informed about the situation, infrastructural improvements regarding its database, a review of its operational business rules and procedures, including but not limited to a review of infrastructural user access.

Finally, the report provides some recommendations which may assist AFRINIC in ensuring an accurate WHOIS database.

 

- Click here to read the full report

- Click here to read a summary of the report

 

 

 

Authentication mechanisms for a safer WHOIS Database

 

AFRINIC is currently engaged in several undertakings in line with our commitment to improving the security and accuracy of the WHOIS Database, following the misappropriation of IP addresses in the WHOIS Database.

One of the security challenges inherent to the operation of the WHOIS Database has been the continued support for MD5 and CRYPT authentication mechanisms and password hashing algorithms.

In 2017, partial deprecation of CRYPT and MD5 authentication mechanisms was done. Consequently, a user could no longer create or update their maintainer(s) with a password hashed using these algorithms.

However, already existing passwords hashed by these algorithms could still be used to effect updates on database objects. Effective 12 December 2020, we shall fully deprecate support for CRYPT and MD5 authentication mechanisms. The passwords will no longer work on updating other objects, except to allow an update of the maintainer object with an acceptable authentication mechanism.

In the future, we are offering the possibility for users to work with any of the following recommended authentication mechanisms with their maintainers for WHOIS Database authentication:

  • BCRYPT
  • PGP key
  • X-509 key

This will be an added layer of safety in the WHOIS Database as we align with the current industry best practices for password hashing and storage. We encourage you to read more on maintainers here.

For any further inquiry and support on how to update the authentication mechanism, please contact us at hostmaster@afrinic.net.