On 2018 Jun 21 13:10:52, you wrote to me:   
      
    ml>> there was something interesting discovered several months ago,   
    ml>> though... in the CRAM-MD5 implementations, apparently only 32byte   
    ml>> checksum strings are allowed (or used?) even though the spec allows   
    ml>> for up to 64bytes (IIRC)... i scanned three years of binkd logs and   
    ml>> all CRAM-MD5-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx strings are of the same   
      
    ON> Not one to argue with a European on the hash algorithms, but, I just   
    ON> implemented CRAM-MD5 and CRAM-SHA1. Understanding what I coded, the   
    ON> only flaw I saw was when the "secret" is > 64 characters, then it   
    ON> switches to a 16bit algorithm, and with CRAM you double process the   
    ON> "secret", so I guess they mean if someone uses a 65 character or   
    ON> longer password for handshaking using BinkP they have reduced the   
    ON> accuracy down to 32bit - but, I do not know of any sysop who is   
    ON> willing to type in a 65+ character handshake.   
      
   talk with rob swindell (aka digital man)... he found it, IIRC... it wasn't the   
   length of the password, AFAIK... it was that string of x's i have up there...   
   whatever that part is called :shrug:   
      
   )\/(ark   
      
   Always Mount a Scratch Monkey   
   Do you manage your own servers? If you are not running an IDS/IPS yer doin' it   
   wrong...   
   ... Out of my mind. Back in five minutes.   
   ---   
    * Origin:  (1:3634/12.73)