... darkrealms ...

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

SYNCHRONET

Rob Swindell fetishistic worship forum

43,341 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 43,331 of 43,341

Feserenity to Digital Man

Question on User Data

18 Feb 26 00:12:55

   TZUTC: -0800   
   MSGID: 55930.sync@1:103/705 2dfb8501   
   REPLY: 55927.sync@1:103/705 2dfb464c   
   PID: Synchronet 3.21b-Linux master/a3797f107 Feb 15 2026 GCC 12.2.0   
   TID: SBBSecho 3.37-Linux master/b210bfee3 Feb 16 2026 GCC 12.2.0   
   COLS: 213   
   BBSID: VERT   
   CHRS: ASCII 1   
   FORMAT: flowed   
   NOTE: FSEditor.js v1.105   
     Re: Question on User Data   
     By: Digital Man to Feserenity on Tue Feb 17 2026 07:45 pm   
      
    > No, there's no mechanism for hashing or encrypting the passwords in the   
   Synchronet userbase (today, that's data/user/user.tab). A one-way hash would   
   be particularly tricky because Synchronet supports a bunch   
    > of   
    > digest-based authentication methods that all require different hashes of   
   the password along with challenge/nonce/sale (so you need the original   
   password to compute those).   
    >   
    > We could encrypt the passwords on disk (reversable to plaintext again, for   
   the above stated reasons), but then you need to have/store a key to decrypt   
   them somewhere and how is that any more secure than the   
    > user.tab file? It's a can of worms that hasn't be worth dumping out and   
   sorting through.   
      
   Thanks! Yeah that would make it tricky if supporting other Auth mechanisms   
   that need to have their client-given hash + salt match the server-side   
   password post hashing + salting. Hmmmm.... Yeah in that case is definitely a   
   can of worms. And for sure encrypting them at rest is a nice idea but then if   
   you have to decrypt them per login operation then the information is floating   
   around on the server anyways to revert them back to plaintext.   
      
   Will go with the human-side solution for now and encourage folks to not use a   
   password they don't want me to potentially see.   
      
   Thanks again!   
   --- SBBSecho 3.37-Linux   
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)   
   SEEN-BY: 103/705 105/81 106/201 124/5016 128/187 129/14 153/757 7715   
   SEEN-BY: 154/10 30 110 203/0 218/700 221/0 226/30 227/114 229/110   
   SEEN-BY: 229/112 134 206 317 400 426 428 470 700 705 240/1120 5832   
   SEEN-BY: 263/1 266/512 280/464 5003 5006 291/111 292/8125 301/1 310/31   
   SEEN-BY: 320/219 322/757 341/66 234 342/200 396/45 423/120 460/58   
   SEEN-BY: 633/267 280 384 410 414 418 420 422 2744 712/848 770/1 902/26   
   SEEN-BY: 5020/400 5075/35   
   PATH: 103/705 280/464 633/280 229/426

[ << oldest | < older | list | newer > | newest >> ]