TZUTC: -0700   
   MSGID: 52174.syncprog@1:103/705 2c6a08a6   
   PID: Synchronet 3.21a-Linux master/85dea2614 Apr 11 2025 GCC 12.2.0   
   TID: SBBSecho 3.24-Linux master/a20ba6050 Apr 11 2025 GCC 12.2.0   
   BBSID: VERT   
   CHRS: ASCII 1   
   https://gitlab.synchro.net/main/sbbs/-/commit/d9ec9756815cdaf1e29d8477   
   Modified Files:   
    exec/rlogin.js   
   Log Message:   
   Add -H option, to send specified hashed-password   
      
   ... rather than a hash of the *user's* password. This allows the local   
   user to potentially change their password later without invalidating it on   
   the RLogin server, assuming the RLogin server saves/reuses the specified   
   password for subsequent authentication (as the Synchronet terminal server   
   does).   
      
   The existing -h option still works as before, but it's a known issue that if   
   a user changes their password locally, they will no longer be able to   
   re-authenticate with any RLogin servers they previously created accounts on   
   using the previous password.   
      
   With the -H option, the sysop is instead in control of the password used and   
   since the resulting hash is from a combination of system and user unique   
   source data (including optional salt), as long as the same -H password is not used   
   for multiple 3rd party RLogin servers, the hashed password should be secure   
   from capture and reuse on any other RLogin server (or the local server).   
      
   While the -h option might be slightly more secure (since a different user   
   password is likely used for each generated hash), the -H option is less   
   error-prone and still considered (by me) to be secure from password leaking   
   and malicious reuse.   
   --- SBBSecho 3.24-Linux   
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)   
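
The trade-off described in the log message above, as an added example (not code from exec/rlogin.js or the Synchronet project). The derivation function, field order, HMAC-SHA-256 construction, RemoteServer class and all sample values are assumptions made for illustration; the page does not state the actual hash inputs.

```javascript
// Added illustration; NOT the hashing code from exec/rlogin.js.
const crypto = require("node:crypto");

// Assumed derivation: HMAC-SHA-256 keyed by the secret over length-prefixed
// system id, user id and optional salt. The real field set is not on the page.
function derive(secret, systemId, userId, salt = "") {
  const mac = crypto.createHmac("sha256", secret);
  for (const field of [systemId, userId, salt]) {
    const buf = Buffer.from(String(field), "utf8");
    const len = Buffer.alloc(4);
    len.writeUInt32BE(buf.length);
    mac.update(len).update(buf); // length prefix keeps field boundaries unambiguous
  }
  return mac.digest("hex");
}

// Hypothetical remote server: stores the first credential it sees for a name
// and requires the same value afterwards (the save/reuse behaviour described).
class RemoteServer {
  constructor() { this.accounts = new Map(); }
  login(name, cred) {
    const stored = this.accounts.get(name);
    if (stored === undefined) { this.accounts.set(name, cred); return "created"; }
    const a = Buffer.from(stored), b = Buffer.from(cred);
    return a.length === b.length && crypto.timingSafeEqual(a, b) ? "ok" : "denied";
  }
}

// Constructed sample values, not taken from any real system.
const SYS = "EXAMPLEBBS", USER = "42", SALT = "constructed-salt";

function simulate() {
  const viaUserPw = new RemoteServer(), viaSysopPw = new RemoteServer();
  const out = {};
  // -h style: the secret is the user's own local password.
  out.hFirst = viaUserPw.login("alice", derive("old-user-pw", SYS, USER, SALT));
  out.hAfterChange = viaUserPw.login("alice", derive("new-user-pw", SYS, USER, SALT));
  // -H style: the secret is sysop-specified, independent of the user's password.
  out.HFirst = viaSysopPw.login("alice", derive("sysop-pw-for-server-A", SYS, USER, SALT));
  out.HAfterChange = viaSysopPw.login("alice", derive("sysop-pw-for-server-A", SYS, USER, SALT));
  // Distinct -H passwords per remote server give unrelated credentials...
  out.distinctPerServer =
    derive("sysop-pw-for-server-A", SYS, USER, SALT) !== derive("sysop-pw-for-server-B", SYS, USER, SALT);
  // ...and users on the same system still get different credentials.
  out.distinctPerUser =
    derive("sysop-pw-for-server-A", SYS, USER, SALT) !== derive("sysop-pw-for-server-A", SYS, "43", SALT);
  return out;
}
```

In this model a credential derived from the same -H password is identical on every remote server that receives it, which is why the log message conditions its security claim on not reusing one -H password across servers.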