TID: Mystic BBS 1.12 A47   
   MSGID: 1:129/215 431c367e   
   REPLY: 1:229/426.52 222e8641   
   TZUTC: -0400   
    AG> As mentioned before, I'm working on an API that will read certain   
    AG> aspects of the  data for a client of mine and all I have left to do is   
    AG> to synch up the password  hashes.  Does anyone know what salt was used   
    AG> to create the hashes?  That way I can do an active comparison of   
    AG> passwords and not use unecrypted storage.   
      
   The intention of authentication from external sources was to force people to   
   call Mystic either via a series of REST API calls (one to establish a   
   preliminary session and token ID, and another to authenticate a password), or   
   by running Mystic with the -AUTH command line (which will spit out TRUE/FALSE   
   to STDIO).   
      
   To answer your question though the passwords are a 512-bit PBKDF2 with   
   variable iterations and a randomized salt.  I try not to talk about specifics   
   too much publically because in addition to the PBKDF2 there is also an element   
   of security through obscurity too.   
      
   I go back and forth as to whether or not I should document how to handle the   
   hashes directly for something like what you want to do.  But I would certainly   
   hate for that to be the cause for someone to enable cleartext passwords (which   
   is a feature I have considered removing as well).   
      
   Would the STDIO or REST API work for you as an alternative or is what you are   
   doing designed to work directly with data files only?   
      
   --- Mystic BBS v1.12 A47 2021/04/28 (Windows/64)   
    * Origin: Sector 7 | Mystic WHQ (1:129/215)   
   SEEN-BY: 1/123 90/1 103/705 105/81 120/340 457 616 123/10 131 124/5016   
   SEEN-BY: 129/215 305 154/10 30 40 50 700 203/0 220/50 80 90 221/0   
   SEEN-BY: 221/6 226/30 227/114 201 702 229/100 101 310 424 426 452   
   SEEN-BY: 229/550 664 700 981 1016 1017 240/5832 249/110 206 307 317   
   SEEN-BY: 249/400 280/464 5003 282/1038 292/854 8125 301/1 317/3 322/757   
   SEEN-BY: 342/200 396/45 633/280 770/1 2452/250 3634/12   
   PATH: 129/215 154/10 280/464 229/101 426