ml> the question is fine in here but i don't know if there are any binkd   
   ml> maintainers in here... they're more easily found in BINKD and apparently   
   ml> hang out more in BINKD.RU or some such...   
       
   I will check that one out ... thanks!   
       
   ml> there was something interesting discovered several months ago, though...   
   ml> in the CRAM-MD5 implementations, apparently only 32byte checksum strings   
   ml> are allowed (or used?) even though the spec allows for up to 64bytes   
   ml> (IIRC)... i scanned three years of binkd logs and all   
   ml> CRAM-MD5-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx strings are of the same   
       
   Not one to argue with a European on the hash algorithms, but, I just   
   implemented CRAM-MD5 and CRAM-SHA1. Understanding what I coded, the only flaw I   
    saw was when the "secret" is > 64 characters, then it switches to a 16bit   
   algorithm, and with CRAM you double process the "secret", so I guess they mean   
   if someone uses a 65 character or longer password for handshaking using BinkP   
   they have reduced the accuracy down to 32bit - but, I do not know of any sysop   
   who is willing to type in a 65+ character handshake.   
       
   Ozz    
      
   --- dBridge & Rhenium   
    * Origin: RVA Fido Support - ExchangeBBS.com, ModernPascal.com (1:275/362)