• Bug report: BinkP CRAM challenges

    From Rob Swindell to All on Fri Mar 9 11:36:55 2018
    I'm not sure if this echo is still active (doesn't appear to be), but here goes anyway:

    During the development of a new BinkP mailer (http://wiki.synchro.net/module:binkit) we found an incompatibility with Internet Rex 2.29 Win32, due to a BinkP spec violation:

    When IRex is making an outbound connection to a BinkP link using CRAM-MD5 auth, if the CRAM challenge (sent by the remote) is greater in length than 16 bytes (32 hex chars), then IRex fails to compute the CRAM response (MD5-HMAC) correctly. The specification (FTS-1027) states:

    "Size and contents of challenge data are implementation-dependent,
    but it SHOULD be no smaller than 8 bytes and no bigger than 64
    bytes."

    Yet IRex appears to only support 16 byte challenges (which happens to be what BinkD sends, always).

    digital man

    Synchronet/BBS Terminology Definition #52:
    Sysop = System Operator
    Norco, CA WX: 67.9°F, 37.0% humidity, 0 mph ENE wind, 0.00 inches rain/24hrs
  • From Robert Wolfe@1:261/20 to Rob Swindell on Fri Mar 9 18:22:09 2018
    *** Quoting Rob Swindell from a message to All ***

    I'm not sure if this echo is still active (doesn't appear to be), but anyway:

    The echo is still here, but I do not know if Charles still follows the echo or not. Just in case, I forwarded a copy of your message to him to see what he can do, if ANYTHING, about that.

    Do you see this issue when someone connects to a binkit system using version 2.31 of Internet Rex?

    --- Telegard/2 v3.09.g2-sp4/mL
    * Origin: Omicron Theta/2 * Southaven, MS * os2bbs.org:2300 (1:261/20)
  • From Rob Swindell to Robert Wolfe on Fri Mar 9 19:35:47 2018
    Re: Re: Bug report: BinkP CRAM challenges
    By: Robert Wolfe to Rob Swindell on Fri Mar 09 2018 06:22 pm

    *** Quoting Rob Swindell from a message to All ***

    I'm not sure if this echo is still active (doesn't appear to be), but anyway:

    The echo is still here, but I do not know if Charles still follows the echo or not. Just in case, I forwarded a copy of your message to him to see what he can do, if ANYTHING, about that.

    Do you see this issue when someone connects to a binkit system using version 2.31 of Internet Rex?

    Honestly, I don't know:

    1. No one is connecting to *my* mailer using Irex, this was was determined through debugging a sysops issues with his links. The only version of IRex in use during this problem report was 2.29.

    2. We've since changed BinkIT to only send a 16-byte CRAM challenge to resolve the incompatibility, so unless we find a guinea pig running versions of IRex *newer* than 2.29 and willing to experiment with a link running BinkIT, we'll never know.

    digital man

    Synchronet/BBS Terminology Definition #17:
    DSL = Digital Subscriber Line
    Norco, CA WX: 58.5°F, 85.0% humidity, 0 mph SE wind, 0.00 inches rain/24hrs
  • From Nick Mackechnie@3:772/210 to Rob Swindell on Sat Mar 10 18:31:00 2018
    2. We've since changed BinkIT to only send a 16-byte CRAM challenge to
    resolve
    the incompatibility, so unless we find a guinea pig running versions of IRex
    *newer* than 2.29 and willing to experiment with a link running BinkIT,
    we'll
    never know.

    Hi Rob,

    Didnt realise there were newer versions of Irex (2.29) - if there is, happy
    to upgrade and test if useful.

    Nick,

    --- SLMAIL v5.1 (#SLO409KEDG15G098)
    * Origin: The Trashcan - The BEST rubbish * bbs.thenet.gen.nz (3:772/210)
  • From Andrew Leary@1:320/219 to Nick Mackechnie on Sat Mar 10 03:36:00 2018
    Hello Nick!

    10 Mar 18 18:31, you wrote to Rob Swindell:

    Didnt realise there were newer versions of Irex (2.29) - if there is, happy to upgrade and test if useful.

    Any version of IRex newer than 2.29 is a beta version, not a release. 2.31 is widely available, and there are a few of Charles' beta sites running a 2.67 beta.

    Andrew

    --- GoldED+/LNX 1.1.5-b20170303
    * Origin: Phoenix BBS * phoenix.bnbbbs.net (1:320/219)
  • From Andrew Leary@1:320/219 to Rob Swindell on Sat Mar 10 03:40:17 2018
    Hello Rob!

    09 Mar 18 19:35, you wrote to Robert Wolfe:

    1. No one is connecting to *my* mailer using Irex, this was was
    determined through debugging a sysops issues with his links. The only version of IRex in use during this problem report was 2.29.

    2. We've since changed BinkIT to only send a 16-byte CRAM challenge to resolve the incompatibility, so unless we find a guinea pig running versions of IRex *newer* than 2.29 and willing to experiment with a
    link running BinkIT, we'll never know.

    I do have IRex 2.31 on my OS/2 system, so if you would like to try testing it, drop me a netmail. Incidentally, I'm interested to know if mbcico handles this situation properly, so I'd like to test that as well.

    Andrew

    --- GoldED+/LNX 1.1.5-b20170303
    * Origin: Phoenix BBS * phoenix.bnbbbs.net (1:320/219)
  • From Nick Mackechnie@3:772/210 to Andrew Leary on Sun Mar 11 10:18:00 2018
    Hello Nick!

    10 Mar 18 18:31, you wrote to Rob Swindell:

    Didnt realise there were newer versions of Irex (2.29) - if there is, happy to upgrade and test if useful.

    Any version of IRex newer than 2.29 is a beta version, not a release. 2.31
    is
    widely available, and there are a few of Charles' beta sites running a 2.67
    beta.

    Thanks mate - I've upgraded to 2.31, so if someone needs testing done, let
    me know.

    Nick

    --- SLMAIL v5.1 (#SLO409KEDG15G098)
    * Origin: The Trashcan - The BEST rubbish * bbs.thenet.gen.nz (3:772/210)
  • From Ben Ritchey@1:393/68 to Nick Mackechnie on Sat Mar 10 19:37:10 2018
    * An ongoing debate between Nick Mackechnie and Andrew Leary rages on ...

    Didnt realise there were newer versions of Irex (2.29) - if
    Any version of IRex newer than 2.29 is a beta version, not a
    release. 2.31 is widely available, and there are a few of Charles'
    beta sites running a 2.67 beta.

    Be advised there is NOT a v2.67 of iRex, Beta or otherwise, unless someone managed to patch one for whatever reason, obviously subject to malware!

    If anyone needs v2.29 (last production release) or 2.31 (last Beta, considered stable) feel free to surf to:

    http://cmech.dynip.com/filebase.bbs/IREX/ for v2.29
    or, http://cmech.dynip.com/filebase.bbs/IREX/Beta/ for v2.31

    These are exact mirrored copies of those on Charles Cruden's site (author)


    .-- Keep the faith, -------------------------------------------------.
    | |
    | Ben aka cMech Web: http|ftp|binkp|telnet://cmech.dynip.com |
    | Email: fido4cmech(at)lusfiber.net |
    | Home page: http://cmech.dynip.com/homepage/ |
    | |
    `-------- WildCat! BBS 24/7 +1-337-984-4794 any BAUD 8,N,1 -------'

    ... What was once a hobby is now an obsession!
    --- GoldED+/W32-MSVC v1.1.5-b20170303 + Mystic BBS v1.12 A39
    * Origin: FIDONet - The Positronium Repository (1:393/68)
  • From Robert Wolfe@1:261/20 to Rob Swindell on Sat Mar 10 19:32:15 2018
    *** Quoting Rob Swindell from a message to Robert Wolfe ***

    Honestly, I don't know:

    1. No one is connecting to *my* mailer using Irex, this was was determ through debugging a sysops issues with his links. The only version of
    use during this problem report was 2.29.

    2. We've since changed BinkIT to only send a 16-byte CRAM challenge to
    the incompatibility, so unless we find a guinea pig running versions o *newer* than 2.29 and willing to experiment with a link running BinkIT never know.

    Well, if you have DoveNet on your system available via FTN, I would be happy to
    give it a try since I run the Win32 and OS/2 versions of Internet Rex 2.31 here on my end.

    --- Telegard/2 v3.09.g2-sp4/mL
    * Origin: Omicron Theta/2 * Southaven, MS * os2bbs.org:2300 (1:261/20)
  • From Robert Wolfe@1:261/20 to Nick Mackechnie on Sat Mar 10 19:32:53 2018
    *** Quoting Nick Mackechnie from a message to Rob Swindell ***

    Didnt realise there were newer versions of Irex (2.29) - if there is,
    to upgrade and test if useful.

    I believe Janis Kracht has the 2.31 version available on her board.

    --- Telegard/2 v3.09.g2-sp4/mL
    * Origin: Omicron Theta/2 * Southaven, MS * os2bbs.org:2300 (1:261/20)
  • From Rob Swindell to Robert Wolfe on Sat Mar 10 19:38:27 2018
    Re: Re: Bug report: BinkP CRAM challenges
    By: Robert Wolfe to Rob Swindell on Sat Mar 10 2018 07:32 pm

    *** Quoting Rob Swindell from a message to Robert Wolfe ***

    Honestly, I don't know:

    1. No one is connecting to *my* mailer using Irex, this was was determ through debugging a sysops issues with his links. The only version of use during this problem report was 2.29.

    2. We've since changed BinkIT to only send a 16-byte CRAM challenge to the incompatibility, so unless we find a guinea pig running versions o *newer* than 2.29 and willing to experiment with a link running BinkIT never know.

    Well, if you have DoveNet on your system available via FTN, I would be happy to
    give it a try since I run the Win32 and OS/2 versions of Internet Rex 2.31 here on my end.

    I don't currently, but I'd be willing to make them available. Just would need to pick a good unused zone number. Any suggestions? :-)

    Of course you can link without passing echomail (as a test) anyway.

    digital man

    Synchronet "Real Fact" #24:
    1584 Synchronet BBS Software registrations were sold between 1992 and 1996. Norco, CA WX: 55.3°F, 98.0% humidity, 0 mph SSW wind, 0.30 inches rain/24hrs
  • From Alan Ianson@1:153/757 to Andrew Leary on Sat Mar 10 20:53:49 2018
    Re: Bug report: BinkP CRAM challenges
    By: Andrew Leary to Rob Swindell on Sat Mar 10 2018 03:40 am

    I do have IRex 2.31 on my OS/2 system, so if you would like to try testing it, drop me a netmail. Incidentally, I'm interested to know if mbcico handles this situation properly, so I'd like to test that as well.

    I just polled your node and it seemed to work OK. No mail and no password so that is not much of a test.

    I'm going to netmail you shortly so if you'd like to test either IRex or mbcico more we can do that.

    Ttyl :-),
    Al


    ... Crime doesn't pay... does that mean my job is a crime?
    --- SBBSecho 3.03-Linux
    * Origin: The Rusty MailBox - Penticton, BC trmb.synchro.net (1:153/757)
  • From Robert Wolfe@1:261/20 to Ben Ritchey on Sun Mar 11 08:35:15 2018
    *** Quoting Ben Ritchey from a message to Nick Mackechnie ***

    * An ongoing debate between Nick Mackechnie and Andrew Leary rages on

    Didnt realise there were newer versions of Irex (2.29) - if
    Any version of IRex newer than 2.29 is a beta version, not a
    release. 2.31 is widely available, and there are a few of Charles'
    beta sites running a 2.67 beta.

    Be advised there is NOT a v2.67 of iRex, Beta or otherwise, unless som managed to patch one for whatever reason, obviously subject to malware

    Ahem...

    {1}[c:\ftn\irex] ftp cruden.ca
    IBM TCP/IP for OS/2 - FTP Client ver 15:45:02 on Mar 19 2004
    Connected to cruden.ca.
    220 Internet Rex 2.67 beta 1 (OS/2) FTP server awaiting your command.
    Name (cruden.ca):

    I also run this on another port on my ArcaOS 5.0.2 VM as well, but I find that beta version to be unstable on the Windows platform. Then again, I was a beta tester (well still am apparently) since way back when I have a bellsouth.net email address :)

    --- Telegard/2 v3.09.g2-sp4/mL
    * Origin: Omicron Theta/2 * Southaven, MS * os2bbs.org:2300 (1:261/20)
  • From Robert Wolfe@1:261/20 to Rob Swindell on Sun Mar 11 08:36:29 2018
    *** Quoting Rob Swindell from a message to Robert Wolfe ***


    Well, if you have DoveNet on your system available via FTN, I would
    to
    give it a try since I run the Win32 and OS/2 versions of Internet Rex 2.31 here on my end.

    I don't currently, but I'd be willing to make them available. Just wou
    to pick a good unused zone number. Any suggestions? :-)

    Of course you can link without passing echomail (as a test) anyway.

    Hmm, I will see what I can do to get a link to you set up here for testing and maybe netmail :)

    --- Telegard/2 v3.09.g2-sp4/mL
    * Origin: Omicron Theta/2 * Southaven, MS * os2bbs.org:2300 (1:261/20)
  • From Rob Swindell to Alan Ianson on Sun Mar 11 13:50:27 2018
    Re: Bug report: BinkP CRAM challenges
    By: Alan Ianson to Andrew Leary on Sat Mar 10 2018 08:53 pm

    Re: Bug report: BinkP CRAM challenges
    By: Andrew Leary to Rob Swindell on Sat Mar 10 2018 03:40 am

    I do have IRex 2.31 on my OS/2 system, so if you would like to try testing it, drop me a netmail. Incidentally, I'm interested to know if mbcico handles this situation properly, so I'd like to test that as well.

    I just polled your node and it seemed to work OK. No mail and no password so that is not much of a test.

    I'm going to netmail you shortly so if you'd like to test either IRex or mbcico more we can do that.

    I'll increase the CRAM challenge length when you give the go ahead and we can see what breaks. :-)

    digital man

    Synchronet "Real Fact" #85:
    The ZMODEM file transfer protocol is limited to files of 4 gigabytes or smaller.
    Norco, CA WX: 68.7°F, 70.0% humidity, 2 mph SW wind, 0.52 inches rain/24hrs
  • From Alan Ianson@1:153/757 to Robert Wolfe on Mon Mar 12 10:01:30 2018
    Re: Re: Bug report: BinkP CRAM challenges
    By: Robert Wolfe to Ben Ritchey on Sun Mar 11 2018 08:35 am

    I also run this on another port on my ArcaOS 5.0.2 VM as well, but I find that beta version to be unstable on the Windows platform. Then again, I was a beta tester (well still am apparently) since way back when I have a bellsouth.net email address :)

    That is good news! Is there still a beta team and any activity? I can think of a lot of folks who would like to see a new version of IRex released.

    I wouldn't mind setting up a link and testing IRex with binkit. If you'd like to do that netmail me, or email me at agianson{at}gmail{dot}com.

    Ttyl :-),
    Al


    ... You cannot achieve the impossible without attempting the absurd.
    --- SBBSecho 3.03-Linux
    * Origin: The Rusty MailBox - Penticton, BC trmb.synchro.net (1:153/757)
  • From Alan Ianson@1:153/757 to Rob Swindell on Mon Mar 12 10:02:25 2018
    Re: Bug report: BinkP CRAM challenges
    By: Rob Swindell to Alan Ianson on Sun Mar 11 2018 01:50 pm

    I'll increase the CRAM challenge length when you give the go ahead and we can see what breaks. :-)

    OK, I'll see what I can do here.. :)

    Ttyl :-),
    Al


    ... Good judgement comes from experience which comes from poor judgement
    --- SBBSecho 3.03-Linux
    * Origin: The Rusty MailBox - Penticton, BC trmb.synchro.net (1:153/757)
  • From Robert Wolfe@1:261/20 to Alan Ianson on Mon Mar 12 21:53:11 2018
    *** Quoting Alan Ianson from a message to Robert Wolfe ***

    That is good news! Is there still a beta team and any activity? I can
    a lot of folks who would like to see a new version of IRex released.

    I wouldn't mind setting up a link and testing IRex with binkit. If you
    to do that netmail me, or email me at agianson{at}gmail{dot}com.

    Unfortunately, I believe Charles stopped development a while back and I don't think ever officially released 2.31 and stopped with the beta versions at 2.67 beta 1a.

    --- Telegard/2 v3.09.g2-sp4/mL
    * Origin: Omicron Theta/2 * Southaven, MS * os2bbs.org:2300 (1:261/20)
  • From Nick Mackechnie@1:15/0 to Rob Swindell on Sat Mar 10 18:31:00 2018
    2. We've since changed BinkIT to only send a 16-byte CRAM challenge to
    resolve
    the incompatibility, so unless we find a guinea pig running versions of IRex
    *newer* than 2.29 and willing to experiment with a link running BinkIT,
    we'll
    never know.

    Hi Rob,

    Didnt realise there were newer versions of Irex (2.29) - if there is, happy
    to upgrade and test if useful.

    Nick,

    === SLMAIL v5.1 (#SLO409KEDG15G098)
    # Origin: The Trashcan - The BEST rubbish * bbs.thenet.gen.nz (3:772/210)
    --- SBBSecho 3.03-Linux
    * Origin: Region 15 HQ (1:15/0)
  • From Nick Mackechnie@1:15/0 to Andrew Leary on Sun Mar 11 10:18:00 2018
    Hello Nick!

    10 Mar 18 18:31, you wrote to Rob Swindell:

    Didnt realise there were newer versions of Irex (2.29) - if there is, happy to upgrade and test if useful.

    Any version of IRex newer than 2.29 is a beta version, not a release. 2.31
    is
    widely available, and there are a few of Charles' beta sites running a 2.67
    beta.

    Thanks mate - I've upgraded to 2.31, so if someone needs testing done, let
    me know.

    Nick

    === SLMAIL v5.1 (#SLO409KEDG15G098)
    # Origin: The Trashcan - The BEST rubbish * bbs.thenet.gen.nz (3:772/210)
    --- SBBSecho 3.03-Linux
    * Origin: Region 15 HQ (1:15/0)
  • From Robert Wolfe@1:261/20 to Nick Mackechnie on Tue Mar 20 16:35:38 2018
    *** Quoting Nick Mackechnie from a message to Andrew Leary ***

    === SLMAIL v5.1 (#SLO409KEDG15G098)

    Hmm, you know there is a ViaMAIL out there for SL that is easier to use than SLMAIL.

    --- Telegard/2 v3.09.g2-sp4/mL
    * Origin: Omicron Theta/2 * Southaven, MS * os2bbs.org:2300 (1:261/20)
  • From Nick Mackechnie@3:772/210 to Robert Wolfe on Wed Mar 21 22:22:00 2018
    *** Quoting Nick Mackechnie from a message to Andrew Leary ***

    === SLMAIL v5.1 (#SLO409KEDG15G098)

    Hmm, you know there is a ViaMAIL out there for SL that is easier to use than
    SLMAIL.

    Easier how? It's been working fine since 1988. :)

    Nick

    --- SLMAIL v5.1 (#SLO409KEDG15G098)
    * Origin: The Trashcan - The BEST rubbish * bbs.thenet.gen.nz (3:772/210)
  • From Robert Wolfe@1:261/20 to Nick Mackechnie on Wed Mar 21 18:06:57 2018
    *** Quoting Nick Mackechnie from a message to Robert Wolfe ***

    SLMAIL.

    Easier how? It's been working fine since 1988. :)

    Nick

    Easier to configure, IMO :) Since it has a text based graphic and menu driven interface. :)

    --- Telegard/2 v3.09.g2-sp4/mL
    * Origin: Omicron Theta/2 * Southaven, MS * os2bbs.org:2300 (1:261/20)
  • From Robert Wolfe@1:261/20 to Nick Mackechnie on Wed Apr 4 17:43:04 2018
    *** Quoting Nick Mackechnie from a message to Andrew Leary ***

    -!- SLMAIL v5.1 (#SLO409KEDG15G098)
    ! Origin: The Trashcan - The BEST rubbish * bbs.thenet.gen.nz (3:772

    In the process of moving my main system over to SL 5.1 using ViaMAIL! as the mail processor :)

    --- Telegard/2 v3.09.g2-sp4/mL
    * Origin: Omicron Theta/2 * Southaven, MS * os2bbs.org:2300 (1:261/20)