Section One BBS


Subject: Re: Implementing MPWD
Date: Thu Jun 21 2018 01:10 pm
From: Ozz Nixon
To: mark lewis

 
ml> the question is fine in here but i don't know if there are any binkd
ml> maintainers in here... they're more easily found in BINKD and apparently
ml> hang out more in BINKD.RU or some such...
 
I will check that one out ... thanks!
 
ml> there was something interesting discovered several months ago, though...
ml> in the CRAM-MD5 implementations, apparently only 32byte checksum strings are
ml> allowed (or used?) even though the spec allows for up to 64bytes (IIRC)... i
ml> scanned three years of binkd logs and all
ml> CRAM-MD5-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx strings are of the same
 
Not one to argue with a European on the hash algorithms, but, I just
implemented CRAM-MD5 and CRAM-SHA1. Understanding what I coded, the only flaw I 
saw was when the "secret" is > 64 characters, then it switches to a 16bit
algorithm, and with CRAM you double process the "secret", so I guess they mean
if someone uses a 65 character or longer password for handshaking using BinkP
they have reduced the accuracy down to 32bit - but, I do not know of any sysop
who is willing to type in a 65+ character handshake.
 
Ozz 

--- dBridge & Rhenium
 * Origin: RVA Fido Support - ExchangeBBS.com, ModernPascal.com (1:275/362)

In Reply To: Implementing MPWD (mark lewis)
Replies: Implementing MPWD (mark lewis)
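
Added example, not part of the original message and not binkd or Ozz Nixon's code: HMAC written out per RFC 2104 to show how the key is prepared when the secret is longer than the 64-byte block, and what length the hex digest in a CRAM-MD5 or CRAM-SHA1 response has. The `CRAM-<HASH>-<hex>` framing with a hex-encoded challenge is assumed from FTS-1027; the names `hmac_manual`, `cram_response`, `survey` and the challenge and secrets are constructed for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # MD5 and SHA-1 both work on 64-byte blocks


def hmac_manual(hash_name: str, key: bytes, msg: bytes) -> bytes:
    """HMAC per RFC 2104, written out so the key preparation is visible."""
    if len(key) > BLOCK_SIZE:
        # A key longer than one block is replaced by its own digest
        # (16 bytes for MD5, 20 for SHA-1) before padding.
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    inner = hashlib.new(hash_name, bytes(b ^ 0x36 for b in key) + msg).digest()
    return hashlib.new(hash_name, bytes(b ^ 0x5C for b in key) + inner).digest()


def cram_response(hash_name: str, secret: str, challenge_hex: str) -> str:
    """Build a CRAM-<HASH>-<hex digest> answer (framing assumed, see lead-in)."""
    digest = hmac_manual(hash_name, secret.encode(), bytes.fromhex(challenge_hex))
    return f"CRAM-{hash_name.upper()}-{digest.hex()}"


def survey(challenge_hex: str) -> list:
    """Return (hash, secret length, hex digest length, matches stdlib hmac)."""
    rows = []
    for hash_name in ("md5", "sha1"):
        for length in (8, 64, 65, 200):  # 65 and 200 exceed the block size
            secret = "s" * length  # constructed secret
            hexdigest = cram_response(hash_name, secret, challenge_hex).rsplit("-", 1)[1]
            expected = hmac.new(secret.encode(), bytes.fromhex(challenge_hex), hash_name)
            rows.append((hash_name, length, len(hexdigest), hexdigest == expected.hexdigest()))
    return rows


CHALLENGE = "f0315b074d728d483d6887d0182fc328"  # constructed sample challenge

if __name__ == "__main__":
    for row in survey(CHALLENGE):
        print(row)
```

Every MD5 row reports a 32-character hex digest and every SHA-1 row a 40-character one, whatever the secret length; a secret over 64 bytes yields the same result as using its 16-byte MD5 (or 20-byte SHA-1) digest as the key.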