Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • dd_area_choosers_common_refactor
  • dailybuild_linux-x64
  • dailybuild_win32
  • sqlite
  • rip_abstraction
  • dailybuild_macos-armv8
  • dd_file_lister_filanem_in_desc_color
  • mode7
  • dd_msg_reader_are_you_there_warning_improvement
  • c23-playing
  • syncterm-1.3
  • syncterm-1.2
  • test-build
  • hide_remote_connection_with_telgate
  • 638-can-t-control-c-during-a-file-search
  • add_body_to_pager_email
  • mingw32-build
  • cryptlib-3.4.7
  • ree/mastermind
  • sbbs320d
  • syncterm-1.6
  • syncterm-1.5
  • syncterm-1.4
  • sbbs320b
  • syncterm-1.3
  • syncterm-1.2
  • syncterm-1.2rc6
  • syncterm-1.2rc5
  • push
  • syncterm-1.2rc4
  • syncterm-1.2rc2
  • syncterm-1.2rc1
  • sbbs319b
  • sbbs318b
  • goodbuild_linux-x64_Sep-01-2020
  • goodbuild_win32_Sep-01-2020
  • goodbuild_linux-x64_Aug-31-2020
  • goodbuild_win32_Aug-31-2020
  • goodbuild_win32_Aug-30-2020
40 results

sbbs

  • Clone with SSH
  • Clone with HTTPS
  • Rob Swindell (on Debian Linux)'s avatar
    Rob Swindell authored
    ... rather than a hash of the *user's* password. This allows the local
    user to potentially change their password later without invalidating it on
    the RLogin server, assuming the RLogin server saves/reuses the specified
    password for subsequent authentication (as the Synchronet terminal server
    does).
    
    The existing -h option still works as before, but it's a known issue that if
    a user changes their password locally, they will no longer be able to
    re-authenticate with any RLogin servers they previously created accounts on
    using the previous password.
    
    With the -H option, the sysop is instead in control of the password used and
    since the resulting hash is from a combination and system and user unique
    source data (including optinal salt), as long the same -H password is not used
    for multiple 3rd party Rlogin servers, the hashed password should be secure
    from capture and reuse on any other RLogin server (or the local server).
    
    While the -h option might be slightly more secure (since a different user
    password is likely used for each generated hash), the -H option is less
    error-prone and still considered (by me) to be secure from password leaking
    and malicious reuse.
    d9ec9756
    History
    Name Last commit Last update