pam_bcpasswd lives! (^o^)
Now you'll be able to avoid transmitting your password in clear text over the air, especially useful if you have backup access over AX.25.
I need to check if I can use it directly with axspawn during the initial authentication...
Sources to be published once the Debian package can be built.
I've got a few ideas for secure password rotation (using OPAQUE) and to implement a 3-way alternative of SCRAM to provide mutual authentication :3c
polprog68k
in reply to isithran

isithran
in reply to polprog68k

It works like the original challenge-md5 mechanism in axspawn: it issues a random challenge (size adjusted to provide better randomness), and then checks that ascii-hex(md5(concat(challenge,password))) matches.
In terms of security, this is far from being perfect (which is why I'm hoping to replace it with SCRAM in the long run), but at least it's better than a cleartext password or baycom authentication, for now.
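The challenge-response check described in the reply above, written out as an added example; it is not pam_bcpasswd's code, whose sources are not yet published. The challenge size, its hex encoding, the single-use handling, and the names `expected_response` and `ChallengeVerifier` are assumptions.

```python
import hashlib
import hmac
import secrets

CHALLENGE_BYTES = 16  # assumed size; the post only says the size was "adjusted"


def expected_response(challenge: str, password: str) -> str:
    """ascii-hex(md5(concat(challenge, password))), as described in the post."""
    return hashlib.md5((challenge + password).encode("utf-8")).hexdigest()


class ChallengeVerifier:
    """Hypothetical server side: one fresh challenge per login attempt."""

    def __init__(self, password: str):
        # Computing the expected digest requires the cleartext password
        # (or an equivalent secret) on the server.
        self._password = password
        self._pending = None

    def issue(self) -> str:
        # CSPRNG output, hex-encoded so it survives a text-only link.
        self._pending = secrets.token_hex(CHALLENGE_BYTES)
        return self._pending

    def verify(self, response: str) -> bool:
        # Consume the challenge first so a captured response cannot be replayed.
        challenge, self._pending = self._pending, None
        if challenge is None:
            return False
        want = expected_response(challenge, self._password).encode("ascii")
        got = response.strip().lower().encode("utf-8")
        return hmac.compare_digest(want, got)  # constant-time comparison


def demo():
    password = "constructed-sample-password"  # constructed sample value
    server = ChallengeVerifier(password)
    answer = expected_response(server.issue(), password)
    first = server.verify(answer)    # correct response to the live challenge
    replay = server.verify(answer)   # same response again, challenge already used
    server.issue()
    stale = server.verify(answer)    # old response against a new challenge
    return first, replay, stale


if __name__ == "__main__":
    print(demo())
```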