Subj : src/sbbs3/useredit.cpp
To   : Lmorchard
From : MRO
Date : Mon Feb 27 2023 03:16 pm

Re: src/sbbs3/useredit.cpp
By: Lmorchard to deon on Mon Feb 27 2023 08:09 pm

>
> So, you could reversibly encrypt the password, which doesn't really get you
> much security since the decryption key would be co-located with the
> passwords.
>
> You could calculate all the variant hashes up front on password change -
> though then you'd need to force a password change if you ever alter what
> auth mechanisms are supported.
>
> Sounds like a pain in the butt?

Yeah, but think of it this way: why do you put a lock on your door? Anybody can kick it down.

It makes it harder. It's a deterrent. It draws attention.

I've actually got into several BBSes using mods that have that exploit I mentioned. I've typed out the system pw and the user's pw and taken complete control of a BBS.

It would be harder for a bonehead like me to go and grab a key and decrypt, yadda yadda yadda when the way I just mentioned takes a few mins.

---
 ■ Synchronet ■ ::: BBSES.info - free BBS services :::
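
Added example, not part of the messages above and not Synchronet code: the "calculate all the variant hashes up front on password change" option from the quoted text, including its forced-password-change consequence. The mechanism names, the realm and the record layout are assumptions; the thread names none.

```python
import hashlib
import hmac
import os

def pbkdf2(pw, salt, iters=100_000):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iters)

def login_verifier(user, pw, salt):
    # Salted, slow hash for an ordinary interactive login.
    return pbkdf2(pw, salt)

def digest_ha1(user, pw, salt, realm="bbs.example"):  # realm is an assumption
    # HTTP Digest defines HA1 = MD5(user:realm:password); MD5 is the
    # protocol's choice here, not a recommendation.
    return hashlib.md5(f"{user}:{realm}:{pw}".encode()).digest()

def scram_stored_key(user, pw, salt):
    # SCRAM-SHA-256 StoredKey = H(HMAC(SaltedPassword, "Client Key")).
    client_key = hmac.new(pbkdf2(pw, salt), b"Client Key", hashlib.sha256).digest()
    return hashlib.sha256(client_key).digest()

# Assumed mechanism set. Each needs its own password-derived value, and none
# can be computed from another, only from the plaintext.
MECHANISMS = {
    "login": login_verifier,
    "http-digest": digest_ha1,
    "scram-sha-256": scram_stored_key,
}

def set_password(user, pw, enabled):
    """Derive every enabled mechanism's verifier while the plaintext is in hand."""
    salt = os.urandom(16)
    verifiers = {m: MECHANISMS[m](user, pw, salt) for m in enabled}
    return {"user": user, "salt": salt, "verifiers": verifiers}

def verify_login(record, pw):
    candidate = login_verifier(record["user"], pw, record["salt"])
    return hmac.compare_digest(record["verifiers"]["login"], candidate)

def needs_password_change(record, enabled):
    """Mechanisms enabled since the last password change have no verifier."""
    return sorted(set(enabled) - set(record["verifiers"]))

if __name__ == "__main__":
    rec = set_password("alice", "constructed-pw", ["login", "http-digest"])
    print(verify_login(rec, "constructed-pw"))
    print(needs_password_change(rec, ["login", "http-digest", "scram-sha-256"]))
```

The stored record holds no plaintext, so enabling a mechanism later leaves existing accounts without a verifier for it until their next password change.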