|
Full Disclosure
mailing list archives
Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords
From: Darren Reed <avalon () caligula anu edu au>
Date: Thu, 5 Jun 2003 13:57:40 +1000 (Australia/ACT)
In some mail from =?iso-8859-1?Q?Mads_Tans=F8?=, sie said:
Concerning point 1;
It is not usual for irc servers to store clear passwords in the
IRCD.config files. Hybrid uses hashed password made with mkpasswd,
genesis uses rijndael, nnircd for a sample uses some kinda of hash
(based on ircd2 if I dont remember to wrong). Using encrypted passwords
are not cause of remote or local users, its just IF the server should
get hacked it is not good to let the ircd.conf reveal the passwords.
This also goes for linkpasswords.
Imho the c/n's should also be a crypted line, but then again, thats my
oppinion.
FWIW, you can put an encrypted password in N's but cleartest must go
in C but it's tricky to get right. For one, you need to used asymetric
passwords. Well, you used to be able to, anyway, I'm not sure if this
is still supported. mkpasswd is inherited by hybrid from ircd2.
Darren
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
- Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords, (continued)
RE: Re: IRCXpro 1.0 - Clear local and default remote admin passwords Mads Tansø (Jun 03)
- Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords Darren Reed (Jun 04)
Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords morning_wood (Jun 03)
RE: Re: IRCXpro 1.0 - Clear local and default remote admin passwords Cushing, David (Jun 04)
RE: Re: IRCXpro 1.0 - Clear local and default remote admin passwords tido (Jun 04)
|
Intro
