Subj : Re: Secure BBSing
To : All
From : Nugax
Date : Sun Nov 12 2017 14:10:34

That's great, I just wonder if it's needed for a BBS? Seems like lots of work that although is awesome, how many people are actively trying to hack BBS accounts? Not very many I suspect.

On 03:14 05/11, NuSkooler wrote:
>I'd like some input on ideas for securing BBSing. Some things I've implemented / want to implement in ENiGMA 1/2 around this area:
>
> * (Have) SSH and Secure WebSockets (wss://) support. Plain text (Telnet) across the internet is simply a bad idea.
> * (Have) Strong PBKDF2 password hashing. No one should know or be able to know your password.
> * (Have) ACS flags around secure state. If you're not secure, you can't access file/message/whatever features
> * (ToDo) Public key login. Securely upload a public key and switch your account to requiring public key vs password for SSH
> * (ToDo) Secure-lock account. Allow a user to set their account to secure only. Logins will no longer be allowed if non-secure.
> * (Have) HTTPS (TLS) downloads.
> * (ToDo) HTTPS (TLS) uploads. SFTP may be an option here (inc d/l of course)
>
>Bigger future work I'd like to do:
>Fully E2E encrypted messaging network. This would only be available to users with previously mentioned secure ACS (else a 3rd party may be going non-secure).
>
>...thoughts, comments, ideas, rants?
>
>
>--- ENiGMA 1/2 v0.0.8-alpha (linux; x64; 6.11.3)
> * Origin: Xibalba -+- xibalba.l33t.codes:44510 (700:100/9)

--
yrNews Usenet Reader for iOS
http://appstore.com/yrNewsUsenetReader

--- Mystic BBS/NNTP v1.12 A35 (Linux/64)
 * Origin: -=The ByteXchange BBS : bbs.thebytexchange.com=- (700:100/12)