Subj : Bug report: BinkP CRAM challenges
To   : All
From : Rob Swindell
Date : Fri Mar 09 2018 11:36 am

I'm not sure if this echo is still active (doesn't appear to be), but here goes
anyway:

During the development of a new BinkP mailer
(http://wiki.synchro.net/module:binkit) we found an incompatibility with
Internet Rex 2.29 Win32, due to a BinkP spec violation:

When IRex is making an outbound connection to a BinkP link using CRAM-MD5 auth,
if the CRAM challenge (sent by the remote) is greater in length than 16 bytes
(32 hex chars), then IRex fails to compute the CRAM response (MD5-HMAC)
correctly. The specification (FTS-1027) states:

 "Size and contents of challenge data are implementation-dependent,
  but it SHOULD be no smaller than 8 bytes and no bigger than 64
  bytes."

Yet IRex appears to only support 16 byte challenges (which happens to be what
BinkD sends, always).

                                           digital man

Synchronet/BBS Terminology Definition #52:
Sysop = System Operator
Norco, CA WX: 67.9°F, 37.0% humidity, 0 mph ENE wind, 0.00 inches rain/24hrs
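
Added example (not part of the original message, and not code from BinkIT, BinkD or Internet Rex): the CRAM-MD5 response computed over challenges of several lengths, assuming the FTS-1027 wire forms "OPT CRAM-MD5-<hex challenge>" and "CRAM-MD5-<hex digest>", with the session password as the HMAC key. fixed16_response is a hypothetical faulty implementation, included only to show why testing against a peer that always sends 16-byte challenges cannot expose this class of bug; it is not a claim about how IRex computes its response.

```python
import hashlib
import hmac
import re

# Assumed wire form: the challenge arrives hex-encoded inside an OPT string.
_CRAM_OPT = re.compile(r"\bCRAM-MD5-([0-9A-Fa-f]+)\b")


def parse_challenge(opt_line):
    """Extract the raw challenge bytes from 'OPT ... CRAM-MD5-<hex> ...'."""
    m = _CRAM_OPT.search(opt_line)
    if m is None:
        raise ValueError("no CRAM-MD5 challenge in OPT line")
    hex_part = m.group(1)
    if len(hex_part) % 2:
        raise ValueError("odd number of hex digits in challenge")
    return bytes.fromhex(hex_part)


def cram_response(password, challenge):
    """HMAC-MD5 keyed with the password over the WHOLE challenge."""
    # Assumption: the password is sent to HMAC as single-byte characters.
    key = password.encode("latin-1")
    return "CRAM-MD5-" + hmac.new(key, challenge, hashlib.md5).hexdigest()


def fixed16_response(password, challenge):
    """Hypothetical faulty mailer that assumes a 16-byte challenge."""
    return cram_response(password, challenge[:16])


def interop_report(password, lengths=(8, 16, 32, 64)):
    """Map challenge length -> True if the 16-byte shortcut still agrees."""
    report = {}
    for n in lengths:
        # Constructed, predictable challenge; a real one must be random.
        opt = "OPT CRAM-MD5-" + bytes(range(n)).hex()
        challenge = parse_challenge(opt)
        report[n] = (cram_response(password, challenge)
                     == fixed16_response(password, challenge))
    return report


if __name__ == "__main__":
    # "secret" is a constructed sample password.
    for length, agrees in interop_report("secret").items():
        print(f"{length:2d}-byte challenge: shortcut agrees = {agrees}")
```

An interoperability test for a BinkP mailer should therefore include at least one challenge longer than 16 bytes, up to the 64-byte bound quoted from the specification.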