[nos-bbs] MD5 (was: etelnet)

Miroslav Skoric skoric at uns.ac.rs
Sun Feb 25 06:47:36 EST 2018

On 02/25/2018 12:58 AM, Boudewijn (Bob) Tenty wrote:

> I used it for normal user access and not for forwarding and I even don't know
> or the forward.bbs script accepts the etelnet command.
> MD5 is not so secure and can be cracked by a brute-force attack and suffers from
> extensive vulnerabilities.

In general, and not only for using with *NOS systems (but also with FBB 
or BCM), I wonder if MD5-based user access & forwarding were eventually 
replaced by some more safer algorithms?

Or as an alternative, maybe just to partially update MD5 procedures, by 
introducing a software mechanism (a script or whatever) that would 
automatically change the content of the 'secret key' string at preset 
time (negotiated separately in between any two bbs sysops and/or a sysop 
and a particular end-user). For example, if I remember properly, the 
MD5-based security in FBB related to a 80-character 'secret key' that 
was located both at the user side and the server side. That key remained 
permanent all the time which means unchanged, hence probably prone to 
hacking attempts. But if there would be introduced some mechanism to 
periodically change the content of that key (for example, just change 
the order of the elements of the key, such as to move the character #1 
to the last position in the row, i.e. to the position #80, and to move 
remaining 79 characters one position to the left, i.e. #2 to #1, #3 to 
#2, ...), I wonder whether that operation would increase MD5 usability?

Misko YT7MPB

More information about the nos-bbs mailing list