Forum : The BROKeN BuBBLe

unsecure session?

From Al@VERT to All on Monday, March 16, 2020 11:58:00

Hello All,

I am wondering if anyone can tell me what this means.

Warning: remote set UNSECURE session
pwd protected session (MD5)

The above is an extract from a binkd -> binkit mailer session. I have see the same with a binkd -> binkd mailer session.

I have seen the above message from a binkd mailer. It made me curious at the time but there was no error so I let it go.

Another node has seen this now from BinkIT and asked me what it means.

It's a cryptic message. The second line seems to contradict the first line.

Ttyl :-),
Al

--- GoldED+/LNX 1.1.5-b20180707
* Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Eugene Subbotin@VERT to Al on Saturday, March 21, 2020 19:20:22

Hello, Al!

Monday March 16 2020 11:58:00, you wrote to All:

I am wondering if anyone can tell me what this means.

Warning: remote set UNSECURE session
pwd protected session (MD5)

The above is an extract from a binkd -> binkit mailer session. I have
see the same with a binkd -> binkd mailer session.

I have seen the above message from a binkd mailer. It made me curious
at the time but there was no error so I let it go.

Another node has seen this now from BinkIT and asked me what it means.

It's a cryptic message. The second line seems to contradict the first line.

looks like BitkIT doesn't support lowercase session passwords

--
... It's full of stars!
--- GoldED+/LNX 1.1.5--b20180707 (Linux 4.19.108-v7+ CPU UNKNOWN)
* Origin: FireFox Station (2:5075/35)
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Al@VERT to Eugene Subbotin on Saturday, March 21, 2020 10:37:40

I am wondering if anyone can tell me what this means.

Warning: remote set UNSECURE session
pwd protected session (MD5)

The above is an extract from a binkd -> binkit mailer session. I have
see the same with a binkd -> binkd mailer session.

I have seen the above message from a binkd mailer. It made me curious
at the time but there was no error so I let it go.

Another node has seen this now from BinkIT and asked me what it means.

It's a cryptic message. The second line seems to contradict the first
line.

looks like BitkIT doesn't support lowercase session passwords

I'm not sure that case is an issue. I have used lower case, upper case and mixed case passwords with binkit and have not seen issues. Of course the nodes on both sides of the link need to enter the password as needed.

Whatever case was used it was a pwd protected session (MD5), but why the "remote set UNSECURE session"?

--- BBBS/Li6 v4.10 Toy-4
* Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Digital Man@VERT to Eugene Subbotin on Saturday, March 21, 2020 13:04:25

Re: Re: unsecure session?
By: Eugene Subbotin to Al on Sat Mar 21 2020 07:20 pm

looks like BitkIT doesn't support lowercase session passwords

It does.

digital man

Synchronet/BBS Terminology Definition #82:
XOFF = Transmit Off (ASCII 19, Ctrl-S)
Norco, CA WX: 62.2�F, 63.0% humidity, 2 mph E wind, 0.00 inches rain/24hrs

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Tony Langdon@VERT to Eugene Subbotin on Sunday, March 22, 2020 12:27:00

On 03-21-20 19:20, Eugene Subbotin wrote to Al <=-

looks like BitkIT doesn't support lowercase session passwords

Hmm, I hope it does, since BinkP session passwords are supposed to be case sensitive.

And I'm sure I have links running BinkIT that are using mixed case passwords.

... Assassination is the extreme form of censorship.
=== MultiMail/Win v0.51
--- SBBSecho 3.10-Linux
* Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Dumas Walker@VERT/CAPCITY2 to EUGENE SUBBOTIN on Sunday, March 22, 2020 09:58:00

looks like BitkIT doesn't support lowercase session passwords

It does.

digital man

Yes. Some of mine are all lower case, and some are mixed case. I have not noticed any issues with either.

* SLMR 2.1a * Pregnancy is a side effect of sloppy birth control.

---
� Synchronet � CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

From Tracker1@VERT/TRN to Al on Thursday, March 26, 2020 05:35:41

On 3/21/2020 10:37 AM, Al wrote:

I'm not sure that case is an issue. I have used lower case, upper case and mixed case passwords with binkit and have not seen issues. Of course the nodes
on both sides of the link need to enter the password as needed.

Whatever case was used it was a pwd protected session (MD5), but why the "remote set UNSECURE session"?

Just guessing, it's an insecure protocol, and md5 is *NOT* secure for passphrase hashing, theres established collision systems these days.

If the protocol was over TLS, then at least the md5 is less of an issue, though even with TLS, odds are you'd be using a self-signed cert, and
the client wouldn't actually validate.

Would really love to see more/better integration with say Let's Encrypt
to get everything over secure protocols with real certs.

--
Michael J. Ryan
tracker1 +o Roughneck BBS

---
� Synchronet � Roughneck BBS - coming back 2/2/20

From Al@VERT to Tracker1 on Saturday, March 28, 2020 19:33:06

Would really love to see more/better integration with say Let's Encrypt
to get everything over secure protocols with real certs.

BinkIT is able to transfer mail and files over TLS now. It works between Synchronet <-> binkd and mystic now. By default it uses Synchronet's self signed cert but could probably use a cert from letsencrypt.

--- BBBS/Li6 v4.10 Toy-4
* Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

System Info

Sysop:	MCMLXXIX
Location:	Prospect, CT
Users:	325
Nodes:	10 (0 / 10)
Uptime:	41:46:52
Calls:	508
Messages:	220029