Subj : Implementing MPWD
To   : Ozz Nixon
From : mark lewis
Date : Fri Jun 22 2018 03:07 am

On 2018 Jun 21 13:10:52, you wrote to me:

ml>> there was something interesting discovered several months ago,
ml>> though... in the CRAM-MD5 implementations, apparently only 32-byte
ml>> checksum strings are allowed (or used?) even though the spec allows
ml>> for up to 64 bytes (IIRC)... i scanned three years of binkd logs and
ml>> all CRAM-MD5-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx strings are of the same

ON> Not one to argue with a European on the hash algorithms, but, I just
ON> implemented CRAM-MD5 and CRAM-SHA1. Understanding what I coded, the
ON> only flaw I saw was when the "secret" is > 64 characters, then it
ON> switches to a 16-bit algorithm, and with CRAM you double process the
ON> "secret", so I guess they mean if someone uses a 65 character or
ON> longer password for handshaking using BinkP they have reduced the
ON> accuracy down to 32-bit - but, I do not know of any sysop who is
ON> willing to type in a 65+ character handshake.

talk with rob swindell (aka digital man)... he found it, IIRC... it wasn't the
length of the password, AFAIK... it was that string of x's i have up there...
whatever that part is called :shrug:

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it
wrong...
... Out of my mind. Back in five minutes.
---
* Origin:  (1:3634/12.73)
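
Added example, not part of the original message or of any mailer's code: HMAC-MD5 written out as in RFC 2104, showing how a secret longer than 64 bytes is handled when building a CRAM-MD5 response. The secrets, the challenge value and the helper names are constructed for illustration, and the hex-decoding of the challenge is an assumption about the wire format.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 block size in bytes ("B" in RFC 2104)

# Constructed sample values, not taken from any real session or log.
CHALLENGE_HEX = "f0315b074d728d483d6887d0182fc328"
SHORT_SECRET = b"constructed-secret"
LONG_SECRET = b"constructed-secret-" * 4  # 76 bytes, longer than one block


def equivalent_key(secret: bytes) -> bytes:
    """Key HMAC-MD5 really works with: secrets over 64 bytes become MD5(secret)."""
    return hashlib.md5(secret).digest() if len(secret) > BLOCK else secret


def hmac_md5_manual(secret: bytes, msg: bytes) -> bytes:
    """HMAC-MD5 written out step by step as in RFC 2104."""
    key = equivalent_key(secret).ljust(BLOCK, b"\x00")  # zero-pad to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.md5(ipad + msg).digest()
    return hashlib.md5(opad + inner).digest()


def cram_md5_response(secret: bytes, challenge_hex: str) -> str:
    """Password string of the form CRAM-MD5-<hex digest>.

    Assumption: the challenge is sent as hex text and decoded to raw
    bytes before it is fed to the HMAC.
    """
    challenge = bytes.fromhex(challenge_hex)
    return "CRAM-MD5-" + hmac.new(secret, challenge, hashlib.md5).hexdigest()


if __name__ == "__main__":
    for name, secret in (("short", SHORT_SECRET), ("long", LONG_SECRET)):
        print(name, len(secret), "bytes ->", cram_md5_response(secret, CHALLENGE_HEX))
    # A secret over 64 bytes and its 16-byte MD5 digest give the same response.
    print(cram_md5_response(equivalent_key(LONG_SECRET), CHALLENGE_HEX))
```

The digest part of the response is 32 hex characters whatever the secret length, and a secret past 64 bytes contributes no more key material than its 128-bit MD5 digest.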