BBS:      TELESC.NET.BR
Assunto:  Question on User Data
De:       Digital Man
Data:     Tue, 17 Feb 2026 19:45:00 -0800
-----------------------------------------------------------
  hbRenb: hcQuestion on User Data
  bBynb: hcFeserenity bto cAll bon cTue Feb 17 2026 07:28 pmn

 > Hello! I'm just setting up a Snychronet instance and reading through the
 > configuration docs in my spare time. I noticed that user information is
 > stored in plaintext flatfiles (which is in line with ye olde days.) Are
 > there any existing password hash modules for handling login so that
 > passwords are obfuscated for new users?  If not, would it be possible to add
 > into the login process? I haven't coded in C for a number of years now but
 > would be willing to go poke at it.

No, there's no mechanism for hashing or encrypting the passwords in the Synchronet userbase (today, that's data/user/user.tab). A one-way hash would be particularly tricky because Synchronet supports a bunch of digest-based authentication methods that all require different hashes of the password along with challenge/nonce/sale (so you need the original password to compute those).

We could encrypt the passwords on disk (reversable to plaintext again, for the above stated reasons), but then you need to have/store a key to decrypt them somewhere and how is that any more secure than the user.tab file? It's a can of worms that hasn't be worth dumping out and sorting through.
-- 
                                            HYdigital man n(rob)

Synchronet/BBS Terminology Definition #74:
SMB = Synchronet Message Base (e.g. smblib)
Norco, CA WX: 51.6F, 69.0% humidity, 10 mph SSE wind, 0.30 inches rain/24hrs
n---
  mSynchronetn  hgVertrauen n hHome of Synchronet n gh[vert/cvs/bbs].synchro.net

-----------------------------------------------------------
[Voltar]