Open Source and information security mailing list archives
 
Message-ID: <200306050357.h553ve06007519@caligula.anu.edu.au>
From: avalon at caligula.anu.edu.au (Darren Reed)
Subject: Re: IRCXpro 1.0 - Clear local and default remote admin passwords

In some mail from Mads Tansø, sie said:
> 
> Concerning point 1;
> It is not usual for irc servers to store clear passwords in the
> IRCD.config files. Hybrid uses hashed password made with mkpasswd,
> genesis uses rijndael, nnircd for a sample uses some kind of hash
> (based on ircd2 if I don't remember too wrong). Using encrypted passwords
> are not cause of remote or local users, it's just IF the server should
> get hacked it is not good to let the ircd.conf reveal the passwords.
> This also goes for linkpasswords.
> Imho the c/n's should also be a crypted line, but then again, that's my
> opinion.

FWIW, you can put an encrypted password in N's but cleartext must go
in C but it's tricky to get right.  For one, you need to use asymmetric
passwords.  Well, you used to be able to, anyway, I'm not sure if this
is still supported.  mkpasswd is inherited by hybrid from ircd2.

Darren
