Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: IRCXpro 1.0 - Clear local and default remote admin passwords

From: Darren Reed <avalon () caligula anu edu au>
Date: Thu, 5 Jun 2003 13:57:40 +1000 (Australia/ACT)
In some mail from =?iso-8859-1?Q?Mads_Tans=F8?=, sie said:


Concerning point 1;
It is not usual for irc servers to store clear passwords in the
IRCD.config files. Hybrid uses hashed password made with mkpasswd,
genesis uses rijndael, nnircd for a sample uses some kinda of hash
(based on ircd2 if I don’t remember to wrong). Using encrypted passwords
are not cause of remote or local users, its just IF the server should
get hacked it is not good to let the ircd.conf reveal the passwords.
This also goes for linkpasswords.
Imho the c/n's should also be a crypted line, but then again, that’s my
oppinion.


FWIW, you can put an encrypted password in N's but cleartest must go
in C but it's tricky to get right.  For one, you need to used asymetric
passwords.  Well, you used to be able to, anyway, I'm not sure if this
is still supported.  mkpasswd is inherited by hybrid from ircd2.

Darren
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: