Question regarding FTS-1027 section 1.7 "Example of Frame Exchange
During CRAM Authentication"
In the example, the Originating side returns
M_PWD "CRAM-MD5-56be002162a4a15ba7a9064f0c93fd00"
This hex value appears to be incorrect. I tested with two
implementations of the CRAM-MD5 algorithm, and in both cases, the same
hex value was calculated using the password and challenge hex string
from the example, which differed from the value shown in the document.
Password: tanstaaftanstaaf
Challenge: f0315b074d728d483d6887d0182fc328
Expected: 56be002162a4a15ba7a9064f0c93fd00 <- From section 1.7
example
Result: 1503922bb6a38bc934bca7afeb522d28 <- From both MD5
algorithms
Which is correct - the value shown in section 1.7 or the test result value?
Question regarding FTS-1027 section 1.7 "Example of Frame Exchange During CRAM Authentication"
Password: tanstaaftanstaaf
Challenge: f0315b074d728d483d6887d0182fc328
Expected: 56be002162a4a15ba7a9064f0c93fd00 <- From section 1.7 example Result: 1503922bb6a38bc934bca7afeb522d28 <- From both MD5 algorithms
Which is correct - the value shown in section 1.7 or the test result value?
Regarding FTS-1027 section 1.7, can the example be updated, or is it illustrative only? If I may make a suggestion, I would use a password
more in line with one assigned by an NC (such as "BOBBY123")
Hello Jason,
On Saturday April 27 2024 13:11, you wrote to deon:
Regarding FTS-1027 section 1.7, can the example be updated, or is it illustrative only? If I may make a suggestion, I would use a password more in line with one assigned by an NC (such as "BOBBY123")
"BOBBY123" is NOT a password I would use or a type of password that I would encourage other Fidonet collegues to use. So I strongly advise against using it as an example in an FTSC documentation.
What would you propose as a more suitable and appropriate password for
the example? Or, continue to use the existing password, which is
stated in the first line of section 1.7 "(Password here is tanstaaftanstaaf)"?
"BOBBY123" is NOT a password I would use or a type of password that
I would encourage other Fidonet collegues to use. So I strongly
advise against using it as an example in an FTSC documentation.
Why burn a "good password" in a standards document? It's common
practice to use bad passwords as example source material for hashes
and digests in standards.
>> "BOBBY123" is NOT a password I would use or a type of password that I
>> would encourage other Fidonet collegues to use. So I strongly advise
>> gainst using it as an example in an FTSC documentation.
What would you propose as a more suitable and appropriate password for the example? Or, continue to use the existing password, which is stated in the first line of section 1.7 "(Password here is tanstaaftanstaaf)"?
Thank you everyone for your time and consideration. Based on your feedback I would like to propose the following change to Section 1.7:
Replace "CRAM-MD5-56be002162a4a15ba7a9064f0c93fd00"
with "CRAM-MD5-1503922bb6a38bc934bca7afeb522d28"
Re: FTS-1027 Section 1.7 CRAM-MD5 Frame Exchange Example
By: Michiel van der Vlist to Jason Brady on Sun Apr 28 2024 08:58 am
Hello Jason,
On Saturday April 27 2024 13:11, you wrote to deon:
Regarding FTS-1027 section 1.7, can the example be updated, or is it illustrative only? If I may make a suggestion, I would use a passwor more in line with one assigned by an NC (such as "BOBBY123")
"BOBBY123" is NOT a password I would use or a type of password that I wou encourage other Fidonet collegues to use. So I strongly advise against us it as an example in an FTSC documentation.
Why burn a "good password" in a standards document? It's common practice to bad passwords as example source material for hashes and digests in standards https://www.rfc-editor.org/rfc/rfc1321
--
digital man (rob)
Synchronet/BBS Terminology Definition #49:
KD = King Drafus (Allen Christiansen)
Norco, CA WX: 74.8øF, 46.0% humidity, 5 mph W wind, 0.00 inches rain/24hrs
Why burn a "good password" in a standards document? It's commonAgreed. A sample should be something like yourpassword
practice to bad passwords as example source material for hashes and
digests in standards https://www.rfc-editor.org/rfc/rfc1321
Good ${greeting_time}, Carol!
30 Apr 2024 17:01:08, you wrote to Rob Swindell:
Why burn a "good password" in a standards document? It's commonAgreed. A sample should be something like yourpassword
practice to bad passwords as example source material for hashes and
digests in standards https://www.rfc-editor.org/rfc/rfc1321
Being here for many years, you still don't know about 8-symbols limit still existing in other software and the common practice to use one password for a FTN stuff?
My suggestion: "password". Or, even better, "pAs5w0rD".
Both are (1) readable and (2) inacceptable for actual use.
--
Alexey V. Vissarionov aka Gremlin from Kremlin
gremlin.ru!gremlin; +vii-cmiii-ccxxix-lxxix-xlii
... GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 368 |
Nodes: | 16 (2 / 14) |
Uptime: | 87:26:11 |
Calls: | 7,895 |
Calls today: | 1 |
Files: | 12,968 |
Messages: | 5,792,158 |