Subj : src/sbbs3/useredit.cpp
To   : Tracker1
From : deon
Date : Sun Mar 05 2023 14:41:15

Re: src/sbbs3/useredit.cpp
By: Tracker1 to deon on Sat Mar 04 2023 08:41 pm

Howdy,

> Because supported authentication mechanisms, such as CRAM-MD5, rely on having
> the original (unencrypted) passphrase, or at least an intermediate
> representation. Because of this, it would effectively need reversible
> encryption... and because with SBBS this would most likely mean a key that
> is right next to the vault... there's not much point in locking said vault.

Yeah, I hadn't considered the email authentication methods, like CRAM-MD5, that authenticated based on a known shared secret (the password), without transferring that over the wire. I believe that is the only other auth method that SBBS uses (over passwords in the clear).

But I don't agree with the last point "not much point locking said vault". I still think that having the passwords encrypted with a key is still better than having the password in the clear. But that might just be my view...

(I do understand that in the event that a non-authorised person has access to the filesystem, that encrypting is no more secure if the key is just as easy to obtain. But if the key can only be visible to a specific user, and somebody breaks in impersonating that user, then you have bigger problems.)

....δεσ∩

--- ■ Synchronet ■ AnsiTEX bringing back videotex but with ANSI
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
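The constraint discussed in this message, as an added example that is not part of the thread and is not Synchronet code: a CRAM-MD5 server (RFC 2195) can verify a response from the passphrase or from an HMAC-MD5 context pre-keyed with it, but not from a salted one-way hash. All function names and sample values below are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample values, not taken from the thread or from Synchronet.
USER = "sampleuser"
PASSWORD = "correct horse battery"
CHALLENGE = "<1234.1678000000@bbs.example.invalid>"


def client_response(user, password, challenge):
    """Client side (RFC 2195): 'user SP hex(HMAC-MD5(key=password, msg=challenge))'."""
    mac = hmac.new(password.encode(), challenge.encode(), hashlib.md5)
    return f"{user} {mac.hexdigest()}"


def make_keyed_context(password):
    """Intermediate representation: an HMAC-MD5 context already keyed with the
    password. It is not the passphrase, but it is enough to compute responses."""
    return hmac.new(password.encode(), digestmod=hashlib.md5)


def verify_keyed(ctx, challenge, response):
    """Server side, holding only the stored keyed context."""
    digest = response.rpartition(" ")[2]
    mac = ctx.copy()  # copy so the stored context stays reusable
    mac.update(challenge.encode())
    return hmac.compare_digest(mac.hexdigest(), digest)


def one_way_hash(password, salt):
    """What a typical password database stores: salted, non-reversible."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def verify_from_one_way_hash(stored_hash, challenge, response):
    """Server side, holding only the one-way hash: the HMAC key the client
    used cannot be recovered, so the expected digest cannot be rebuilt."""
    digest = response.rpartition(" ")[2]
    guess = hmac.new(stored_hash, challenge.encode(), hashlib.md5).hexdigest()
    return hmac.compare_digest(guess, digest)


if __name__ == "__main__":
    resp = client_response(USER, PASSWORD, CHALLENGE)
    print(verify_keyed(make_keyed_context(PASSWORD), CHALLENGE, resp))
    print(verify_from_one_way_hash(one_way_hash(PASSWORD, os.urandom(16)), CHALLENGE, resp))
```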