Hello mark,

On Friday May 01 2020 16:41, you wrote to me:

 MvdV>> Binkd does nothing with the packets. As you once said it is "just a
 MvdV>> filer". It is other software, such as a tosser that deals with the
 MvdV>> packets. There is nothing stopping sysops from having the binkd
 MvdV>> session password different from the tosser's packet password.

 ml> on the one hand, this is true... if one is talking about binkd...

This is the binkd area. The word "binkd "appears twice in my above comment. The
source of this subthread is Benny P. miouwing about an alleged "clear text
password problem" in binkd. Of course I am talking about binkd.

 ml> my part of the discussion was leaning more toward binkp, though...

You neglected to inform the audience about that change of context...

Plus that I see no mention of an 8 characer limitation on the password in the
binkp docs...

 ml> i'm not saying that it is correct for mailers to validate packets
 ml> against the session password... i'm just saying that there are/were
 ml> some that do/did...

Irrelevant what some others do/did. We are not discussing those others, we are
discussing session passwords in binkd.

 MvdV>> In fact some say NOT having them the same increases security.

 ml> yeah, i've heard that, too ;)

I agree with "some". A 24 byte non ASCII case sensitive password is harder to
brute force than an 8 character case insensitive ASCII password. ==> increasd
security.


Cheers, Michiel

--- Fmail, Binkd, Golded