[nos-bbs] does ANYONE use MD5AUTHENTICATE anymore ?
(Skip) K8RRA
k8rra at ameritech.net
Thu Sep 18 13:47:52 EDT 2008
Hi Maiko, this is an interesting subject!
On Thu, 2008-09-18 at 10:26 -0500, Maiko Langelaar (ve4klm) wrote:
> Good day,
>
> Does ANYONE even use MD5AUTHENTICATE in NOS anymore ?
Only speaking for myself and perhaps my local buddies: NO
>
> Is there any reason to keep it ?
HHMMMM...
Throughout my experience with jnos/packet/AMPRRnet/... that comes after
my life with UNIX/IBM VS/CDC teleprocessing/Internet/... I've been
bothered by "in the clear" pass-wording used here. Security is a joke.
Still, in a community of gentlemen hams AMPRnet is perhaps as secure as
it "needs to be".
While I favor securing selected things, I'm also a true "lemming" and I
find following the "head lemming" better than being a crusader. This is
likely to end the first time my node is "cracked & abused" by some
non-gentleman.
SO -- I'd like to think there is "reason" to keep security alive within
jnos, but I can't say this is enough reason to keep "MDSAUTHENTICATE".
Cracking this hash is well published and not particularly hard. Even
this debate could become tedious.
My answer becomes "Follow your own conscience on this issue." and let
history play itself out. For what it's worth...
>
> Maiko Langelaar / VE4KLM
>
>
> _______________________________________________
> nos-bbs mailing list
> nos-bbs at lists.tapr.org
> https://lists.tapr.org/cgi-bin/mailman/listinfo/nos-bbs
73
de [George (Skip) VerDuin] K8RRA k
More information about the nos-bbs
mailing list