• Re: unsecure session?

    From Tracker1@VERT/TRN to Al on Thursday, March 26, 2020 05:35:41
    On 3/21/2020 10:37 AM, Al wrote:

    I'm not sure that case is an issue. I have used lower case, upper case and mixed case passwords with binkit and have not seen issues. Of course the nodes
    on both sides of the link need to enter the password as needed.

    Whatever case was used it was a pwd protected session (MD5), but why the "remote set UNSECURE session"?

    Just guessing, it's an insecure protocol, and md5 is *NOT* secure for passphrase hashing; there are established collision systems these days.

    If the protocol was over TLS, then at least the md5 is less of an issue, though even with TLS, odds are you'd be using a self-signed cert, and
    the client wouldn't actually validate.

    Would really love to see more/better integration with say Let's Encrypt
    to get everything over secure protocols with real certs.

    --
    Michael J. Ryan
    tracker1 +o Roughneck BBS

    ---
    ■ Synchronet ■ Roughneck BBS - coming back 2/2/20
  • From Al@VERT to Tracker1 on Saturday, March 28, 2020 19:33:06
    Would really love to see more/better integration with say Let's Encrypt
    to get everything over secure protocols with real certs.

    BinkIT is able to transfer mail and files over TLS now. It works between Synchronet <-> binkd and Mystic now. By default it uses Synchronet's self-signed cert but could probably use a cert from Let's Encrypt.

    --- BBBS/Li6 v4.10 Toy-4
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net