1. Forum
  2. Usenet Intenat
  3. ALT.BBS.SYNCHRONET

  • unsecure session?

    From Al@1:229/2 to All on Monday, March 16, 2020 11:58:00
    From: al@1:153/757.remove-n77-this

    Hello All,

    I am wondering if anyone can tell me what this means.

    Warning: remote set UNSECURE session
    pwd protected session (MD5)

    The above is an extract from a binkd -> binkit mailer session. I have see the same with a binkd -> binkd mailer session.

    I have seen the above message from a binkd mailer. It made me curious at the time but there was no error so I let it go.

    Another node has seen this now from BinkIT and asked me what it means.

    It's a cryptic message. The second line seems to contradict the first line.

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
    --- Synchronet 3.17c-Win32 NewsLink 1.111
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net

    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)
  • From Eugene Subbotin@1:229/2 to you on Saturday, March 21, 2020 19:20:22
    From: eugene.subbotin@2:5075/35.remove-hha-this

    To: Al
    Hello, Al!

    Monday March 16 2020 11:58:00, you wrote to All:

    I am wondering if anyone can tell me what this means.

    Warning: remote set UNSECURE session
    pwd protected session (MD5)

    The above is an extract from a binkd -> binkit mailer session. I have
    see the same with a binkd -> binkd mailer session.

    I have seen the above message from a binkd mailer. It made me curious
    at the time but there was no error so I let it go.

    Another node has seen this now from BinkIT and asked me what it means.

    It's a cryptic message. The second line seems to contradict the first line.

    looks like BitkIT doesn't support lowercase session passwords

    --
    ... It's full of stars!
    --- GoldED+/LNX 1.1.5--b20180707 (Linux 4.19.108-v7+ CPU UNKNOWN)
    * Origin: FireFox Station (2:5075/35)
    --- Synchronet 3.17c-Win32 NewsLink 1.111
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net

    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)
  • From Al@1:229/2 to All on Saturday, March 21, 2020 10:37:40
    From: al@1:153/757.remove-fa1-this

    To: Eugene Subbotin
    I am wondering if anyone can tell me what this means.

    Warning: remote set UNSECURE session
    pwd protected session (MD5)

    The above is an extract from a binkd -> binkit mailer session. I have
    see the same with a binkd -> binkd mailer session.

    I have seen the above message from a binkd mailer. It made me curious
    at the time but there was no error so I let it go.

    Another node has seen this now from BinkIT and asked me what it means.

    It's a cryptic message. The second line seems to contradict the first
    line.

    looks like BitkIT doesn't support lowercase session passwords

    I'm not sure that case is an issue. I have used lower case, upper case and mixed case passwords with binkit and have not seen issues. Of course the nodes on both sides of the link need to enter the password as needed.

    Whatever case was used it was a pwd protected session (MD5), but why the "remote set UNSECURE session"?

    --- BBBS/Li6 v4.10 Toy-4
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
    --- Synchronet 3.17c-Win32 NewsLink 1.111
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net

    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)
  • From Digital Man@1:229/2 to All on Saturday, March 21, 2020 13:04:25
    From: digital.man@vert.synchro.net.remove-wbh-this

    To: Eugene Subbotin
    Re: Re: unsecure session?
    By: Eugene Subbotin to Al on Sat Mar 21 2020 07:20 pm

    looks like BitkIT doesn't support lowercase session passwords

    It does.

    digital man

    Synchronet/BBS Terminology Definition #82:
    XOFF = Transmit Off (ASCII 19, Ctrl-S)
    Norco, CA WX: 62.2øF, 63.0% humidity, 2 mph E wind, 0.00 inches rain/24hrs
    --- Synchronet 3.17c-Win32 NewsLink 1.111
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net

    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)
  • From Tony Langdon@1:229/2 to Eugene Subbotin on Sunday, March 22, 2020 12:27:00
    From: tony.langdon@3:633/410.remove-ho7-this

    To: Eugene Subbotin
    On 03-21-20 19:20, Eugene Subbotin wrote to Al <=-

    looks like BitkIT doesn't support lowercase session passwords

    Hmm, I hope it does, since BinkP session passwords are supposed to be case sensitive.

    And I'm sure I have links running BinkIT that are using mixed case passwords.

    ... Assassination is the extreme form of censorship.
    === MultiMail/Win v0.51
    --- SBBSecho 3.10-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
    --- Synchronet 3.17c-Win32 NewsLink 1.111
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net

    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)
  • From Dumas Walker@1:229/2 to All on Sunday, March 22, 2020 09:58:00
    From: dumas.walker@CAPCITY2.remove-zwa-this

    To: EUGENE SUBBOTIN
    looks like BitkIT doesn't support lowercase session passwords

    It does.

    digital man


    Yes. Some of mine are all lower case, and some are mixed case. I have not noticed any issues with either.


    * SLMR 2.1a * Pregnancy is a side effect of sloppy birth control.

    ---
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP --- Synchronet 3.17c-Win32 NewsLink 1.111
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net

    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)
  • From Tracker1@1:229/2 to All on Thursday, March 26, 2020 05:35:41
    From: tracker1@TRN.remove-11ey-this

    To: Al
    On 3/21/2020 10:37 AM, Al wrote:

    I'm not sure that case is an issue. I have used lower case, upper case and mixed case passwords with binkit and have not seen issues. Of course the
    nodes
    on both sides of the link need to enter the password as needed.

    Whatever case was used it was a pwd protected session (MD5), but why the "remote set UNSECURE session"?

    Just guessing, it's an insecure protocol, and md5 is *NOT* secure for passphrase hashing, theres established collision systems these days.

    If the protocol was over TLS, then at least the md5 is less of an issue,
    though even with TLS, odds are you'd be using a self-signed cert, and
    the client wouldn't actually validate.

    Would really love to see more/better integration with say Let's Encrypt
    to get everything over secure protocols with real certs.

    --
    Michael J. Ryan
    tracker1 +o Roughneck BBS

    ---
    þ Synchronet þ Roughneck BBS - coming back 2/2/20
    --- Synchronet 3.17c-Win32 NewsLink 1.111
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net

    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)
  • From Al@1:229/2 to All on Saturday, March 28, 2020 19:33:06
    From: al@1:153/757.remove-43x-this

    To: Tracker1
    Would really love to see more/better integration with say Let's Encrypt
    to get everything over secure protocols with real certs.

    BinkIT is able to transfer mail and files over TLS now. It works between Synchronet <-> binkd and mystic now. By default it uses Synchronet's self signed cert but could probably use a cert from letsencrypt.

    --- BBBS/Li6 v4.10 Toy-4
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
    --- Synchronet 3.17c-Win32 NewsLink 1.111
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net

    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)