Has anyone else taken the time to implement all that BinkP can be?

I have a design question for MPWD, basically an interpretation question on matching passwords.

Regards,
Ozz

--- dBridge & Rhenium
* Origin: RVA Fido Support - ExchangeBBS.com, ModernPascal.com (1:275/362)

On 2018 Jun 20 07:24:06, you wrote to All:

Has anyone else taken the time to implement all that BinkP can be?

not sure what you are asking...

I have a design question for MPWD, basically an interpretation
question on matching passwords.

the question is fine in here but i don't know if there are any binkd maintainers in here... they're more easily found in BINKD and apparently hang out more in BINKD.RU or some such...

there was something interesting discovered several months ago, though... in the
CRAM-MD5 implementations, apparently only 32byte checksum strings are allowed (or used?) even though the spec allows for up to 64bytes (IIRC)... i scanned three years of binkd logs and all CRAM-MD5-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx strings are of the same length... longer ones fail... i'm not sure about shorter ones... it was discussed in one of more of BINKD, NET_DEV, SYNC_SYSOPS,
SYNCHRONET, or SYNC_PROGRAMMING...

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
... Religious error: (A)tone, (R)epent, (I)mmolate?
---
* Origin: (1:3634/12.73)

the question is fine in here but i don't know if there are any binkd maintainers in here... they're more easily found in BINKD and apparently hang out more in BINKD.RU or some such...

I will check that one out ... thanks!

there was something interesting discovered several months ago, though...
in the CRAM-MD5 implementations, apparently only 32byte checksum strings are allowed (or used?) even though the spec allows for up to 64bytes (IIRC)... i scanned three years of binkd logs and all CRAM-MD5-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx strings are of the same

Not one to argue with a European on the hash algorithms, but, I just implemented CRAM-MD5 and CRAM-SHA1. Understanding what I coded, the only flaw I
saw was when the "secret" is > 64 characters, then it switches to a 16bit algorithm, and with CRAM you double process the "secret", so I guess they mean if someone uses a 65 character or longer password for handshaking using BinkP they have reduced the accuracy down to 32bit - but, I do not know of any sysop who is willing to type in a 65+ character handshake.

Ozz

--- dBridge & Rhenium
* Origin: RVA Fido Support - ExchangeBBS.com, ModernPascal.com (1:275/362)

On 2018 Jun 21 13:10:52, you wrote to me:

there was something interesting discovered several months ago,
though... in the CRAM-MD5 implementations, apparently only 32byte
checksum strings are allowed (or used?) even though the spec allows
for up to 64bytes (IIRC)... i scanned three years of binkd logs and
all CRAM-MD5-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx strings are of the same

Not one to argue with a European on the hash algorithms, but, I just implemented CRAM-MD5 and CRAM-SHA1. Understanding what I coded, the
only flaw I saw was when the "secret" is > 64 characters, then it
switches to a 16bit algorithm, and with CRAM you double process the "secret", so I guess they mean if someone uses a 65 character or
longer password for handshaking using BinkP they have reduced the
accuracy down to 32bit - but, I do not know of any sysop who is
willing to type in a 65+ character handshake.

talk with rob swindell (aka digital man)... he found it, IIRC... it wasn't the length of the password, AFAIK... it was that string of x's i have up there... whatever that part is called :shrug:

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
... Out of my mind. Back in five minutes.
---
* Origin: (1:3634/12.73)