[nos-bbs] JNOS md5 authentication

Michael Fox - N6MEF n6mef at mefox.org
Sat Feb 8 00:13:01 EST 2020


The way Outpost currently works is you configure a username and password for
the BBS.  When Outpost connects via telnet:
-- If it does NOT see the MD5 challenge, it logs in with the username and
password as usual
-- If it DOES see the MD5 challenge, it runs the algorithm against the
challenge and the password to produce and send back the proper response.

I don't understand enough about the implications of what you're asking.  But
if you used something other than the user's password in the algorithm, then
the client would also have to know what that is in order to produce the
proper response, right?  And of course, its important that multiple clients
don't share the same "secret" info.

Michael, N6MEF



-----Original Message-----
From: nos-bbs <nos-bbs-bounces at lists.tapr.org> On Behalf Of Langelaar
Sent: Friday, February 7, 2020 11:19 AM
To: TAPR xNOS Mailing List <nos-bbs at lists.tapr.org>
Subject: [nos-bbs] JNOS md5 authentication

Is it necessary to have to use the password in the md5 authentication ?

Can it be any value that I have stored in the user database ? Like the 
random salt ?

What are the implications for the client side, in particular outpost ?

Maiko / VE4KLM




More information about the nos-bbs mailing list