Re: src/sbbs3/useredit.cpp
By: Lmorchard to deon on Mon Feb 27 2023 08:09 pm
>
> So, you could reversibly encrypt the password, which doesn't really get you
> much security since the decryption key would be co-located with the
> passwords.
>
> You could calculate all the variant hashes up front on password change -
> though then you'd need to force a password change if you ever alter what
> auth mechanisms are supported.
>
> Sounds like a pain in the butt?
Yeah, but think of it this way: why do you put a lock on your door?
Anybody can kick it down.
It makes it harder. It's a deterrent. It draws attention.
I've actually got into several BBSes using mods that have that exploit I mentioned. I've typed out the system pw and the user's pw and taken complete control of a BBS.
It would be harder for a bonehead like me to go and grab a key and decrypt, yadda yadda yadda, when the way I just mentioned takes a few mins.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)