SBBSecho has always treated packet passwords case-INsensitively. It is unfortuate that so many of the fido specifications were so badly
written to begin with and the resulting ambiguities and contradictions have never been sufficiently addressed by the FTSC.
Luckily, with password-protected mail sessions the norm these days,
packet passwords are kind of moot and probably should just be
deprecated. Doubt that'll happen though.
don'tYou can't enter mixed or lowercase into the configuration program,
only uppercase. And when someone updates the packet password through
areafix it's converted to uppercase before storing in the
configuration file. So on outgoing packet files the packet password is
always uppercase only.
Oh the horror! There are people out there that I interface with that
know that rule and insist on setting mixedcase. Evil people. Smelly people. Ugly people...
I was wondering about packet passwords, are they case
insensitive or not?
In all my experience packet, areafix and filefix passwords have
been case insensitive.
Packet and areafix passwords are case insensitive in FMail. But
according to Nick there are tossers that are not...
It has always been my hope that no one will write a tosser with
case sensitive passwords!
What's the problem? You can always configure the case sensitive tosser with an all uppercase (or lowercase) password to communicate with a
case insensitive tosser.
And that's what I'm trying to find out, if there could be a problem if
I change FMails behaviour. I'm not seeing it, but I can't think of everything. ;)
I remember that we always used uppercase packet passwords. I assumed
that passwords are case insensitive, but I think I never tried to use lowercase in the config.
Packet and areafix passwords are case insensitive in FMail. But
according to Nick there are tossers that are not...
Crashmail and Squish use stricmp() for the packet passwords -> case insensitive.
How does stricmp compare strings with high ascii characters?
And that's what I'm trying to find out, if there could be a problem
if I change FMails behaviour. I'm not seeing it, but I can't think of
everything. ;)
I would say in theory there should be less problems, if FMail were able to send mixed case passwords.
Maybe we should use hex notation for the passwords, so all 255
characters can be used for better security ;).
I was wondering about packet passwords, are they case insensitive or not?mixed case passwords.
When I look at the packets I receive, there are some with lower or even
When I look at the packets I receive, there are some with lower or even
mixed case passwords.
Crashmail sends the (mixed-case) password string exactly as configured, no conversion to uppercase.
I was wondering about packet passwords, are they case insensitive or
not?
When I look at the packets I receive, there are some with lower or
even mixed case passwords.
Crashmail sends the (mixed-case) password string exactly as configured, no conversion to uppercase.
On FMails side that's not a problem because it checks the passwords
case insensitive.
How they deal with it on their side is their problem. ;)
Hi Rob,
On 2020-04-21 16:12:07, you wrote to me:
SBBSecho has always treated packet passwords case-INsensitively. It is unfortuate that so many of the fido specifications were so badly written to begin with and the resulting ambiguities and contradictions have never been sufficiently addressed by the FTSC.
There is no ambiguity for packet password case sensitivity. It's just not specified, so anything goes...
Luckily, with password-protected mail sessions the norm these days, packet passwords are kind of moot and probably should just be deprecated. Doubt that'll happen though.
I don't agree here. Packet passwords provide an extra layer of security. For instance without it, anyone can drop a .pkt file in your insecure inbound with a falsified source address and echomail in it. If you process .pkt files from your inbound automatically, it will get tossed, if there is no packet password agreeded upon for the falsified source...
Luckily, with password-protected mail sessions the norm thesedays,
packet passwords are kind of moot and probably should just be
deprecated. Doubt that'll happen though.
I don't agree here. Packet passwords provide an extra layer of security.
For instance without it, anyone can drop a .pkt file in your insecure
inbound with a falsified source address and echomail in it. If you
process .pkt files from your inbound automatically, it will get tossed,
if there is no packet password agreeded upon for the falsified source...
SBBSecho will not import echomail from an insecure inbound directory.
"bytes": So it could be anything, including "high ascii".
When I look at the packets I receive, there are some with lower or
even mixed case passwords. (So it's a good thing FMail does a case insensitive compare, otherwise it wouldn't match against the
configured uppercase password)
"bytes": So it could be anything, including "high ascii".
When I look at the packets I receive, there are some with lower or
even mixed case passwords. (So it's a good thing FMail does a case
insensitive compare, otherwise it wouldn't match against the
configured uppercase password)
This has been unsteady 'ground' for me. What is FMail doing when it's coding the forced uppercase, after having potential mixedcase entered in the setup?
I was wondering about packet passwords, are they case insensitive or
not?
I was wondering about packet passwords, are they case insensitive or
not?
In all my experience packet, areafix and filefix passwords have been case insensitive.
It has always been my hope that no one will write a tosser with case sensitive passwords!
I was wondering about packet passwords, are they case insensitive or
not?
In all my experience packet, areafix and filefix passwords have been
case insensitive.
Hi All,
I was wondering about packet passwords, are they case insensitive or not?
FMail has always forced them to uppercase on entry in the configuration, and does a case insensitive compare on the password contained in arrived packet files.
fts-0001.016 just says this about the password:
password (some impls)
eight bytes
null padded
"bytes": So it could be anything, including "high ascii".
When I look at the packets I receive, there are some with lower or even mixed case passwords.
(So it's a good thing FMail does a case insensitive compare, otherwise it wouldn't match against the configured uppercase password)
You can't enter mixed or lowercase into the configuration program,
only uppercase. And when someone updates the packet password through areafix it's converted to uppercase before storing in the
configuration file. So on outgoing packet files the packet password is always uppercase only.
In all my experience packet, areafix and filefix passwords have
been case insensitive.
this is because traditionally, all FTN software uppercased everything
;)
Sysop: | Nelgin |
---|---|
Location: | Plano, TX |
Users: | 579 |
Nodes: | 10 (1 / 9) |
Uptime: | 08:19:24 |
Calls: | 9,337 |
Files: | 16,008 |
Messages: | 1,050,042 |