Subj : src/sbbs3/useredit.cpp
To   : deon
From : Lmorchard
Date : Mon Feb 27 2023 20:09:31

  Re: src/sbbs3/useredit.cpp
  By: deon to Digital Man on Mon Feb 27 2023 08:08 pm

 > So you said "We'd have to have a way to decrypt an encrypted password".
 >
 > My question, is why do you need to decrypt it?

Random drive-by comment from someone just starting to peek at the codebase: It sounds like there are multiple auth mechanisms. Each uses a different hashing algo which requires the plaintext password as input.

So, you could reversibly encrypt the password, which doesn't really get you much security since the decryption key would be co-located with the passwords.

You could calculate all the variant hashes up front on password change - though then you'd need to force a password change if you ever alter what auth mechanisms are supported.

Sounds like a pain in the butt?

---
 þ Synchronet þ 0xDECAFBAD - bbs.decafbad.com
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

.