Subj : Re: Anonymous SSH login
To   : Exodus
From : Warpslide
Date : Fri Mar 19 2021 09:29 pm

*** Quoting Exodus from a message to Al ***

Ex> Hell, for years most software had the sysop be able to SEE the user's
Ex> passwords.

Ex> The only protection in a BBS that has been is a text based password.
Ex> Nothing more, nothing less.

Yup, Telegard by default stores the passwords in plain text.  I've enabled
password encryption which then stores the password as a CRC value which is
better than nothing, but weak by today's standards.

At least more modern BBS packages use stronger methods like PBKDF2 SHA512
(which Mystic uses).

This would prevent a sysop from seeing the password and then trying to use it
elsewhere should (s)he be malicious.  Of course the user shouldn't be
re-using that password, but it's surprising just how many people do.

Jay

... Laugh and the world laughs with you, snore and you sleep alone.

--- Telegard v3.09.g2-sp4/mL
* Origin: Northern Realms | 289-424-5180 | bbs.nrbbs.net (21:3/110)
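
Added example (not part of the original message, and not Telegard's or Mystic's code): the contrast drawn above between a stored CRC value and PBKDF2-SHA512, plus upgrading a legacy CRC record at the user's next successful login. CRC-32, the record layout, the iteration count, the salt length and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import zlib

ITERATIONS = 100_000  # assumption: illustrative, not Mystic's actual setting
SALT_BYTES = 16       # assumption


def crc_record(password):
    """Legacy style: unsalted 32-bit checksum (CRC-32 assumed here).
    Every user with the same password gets the same stored value."""
    return "crc32$%08x" % zlib.crc32(password.encode())


def pbkdf2_record(password, salt=None):
    """Salted, iterated record: pbkdf2-sha512$iterations$salt$key (hex)."""
    salt = salt or os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)
    return f"pbkdf2-sha512${ITERATIONS}${salt.hex()}${key.hex()}"


def verify(password, record):
    """Check a password against either record type."""
    scheme, _, rest = record.partition("$")
    if scheme == "crc32":
        return hmac.compare_digest(crc_record(password), record)
    if scheme == "pbkdf2-sha512":
        iters, salt_hex, key_hex = rest.split("$")
        key = hashlib.pbkdf2_hmac("sha512", password.encode(),
                                  bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(key, bytes.fromhex(key_hex))
    return False  # unknown scheme: reject


def login(users, name, password):
    """Verify the password; replace a legacy CRC record on success,
    since that is the only moment the plaintext is available to re-hash."""
    record = users.get(name)
    if record is None or not verify(password, record):
        return False
    if record.startswith("crc32$"):
        users[name] = pbkdf2_record(password)
    return True
```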