[Dxspider-support] Question Regarding Password Enforcement

Sat Feb 8 11:10:42 GMT 2025

Hi Ian,

The use of passwords on the links between nodes, allows those of us who have it enabled, to be certain that the XXXXX-2 is really the one that is connected to our node.
If this were a standard, the recent and future problems would have been avoided.

Regarding the use of the registry, I believe that without a password it is useless.

Establishing a unique password, key or certificate is unfeasible if there is no entity that centralises it and guarantees the authenticity of the applicant.
But if software developers like N1MM, DXlog, Logger32, Swisslog, HRD, ... want to, they can implement the use of password associated to each node. How it would be stored, I don't see many problems.

When people talk about the insecurity of Telnet, that's true, but who is going to spend time and money to hack into the Internet router network to get the passwords of a simple hamradio? There is no €€ behind it.

I still believe that the natural evolution of our network is to categorise traffic in a way that gives the sysop and the user the option to choose the spots based on the guarantee of the originating node.
If we were to add a new sentence including a quality byte, such as:
8: Source node with authenticated registration (password, key or certificate), updated and all partners authenticated.
7: Source node with authenticated record (password, key or certificate), updated and non-authenticated partners.
6: Source node with authenticated registration (password, key or certificate), out of date and all authenticated partners
5: Source node with authenticated registration (password, key or certificate), outdated and unauthenticated partners
4: Source node without authenticated registration, up to date and all partners authenticated
3: Source node without authenticated registration, up to date and unauthenticated partners
2: Source node without authenticated registration, out-of-date and all authenticated partners
1: Source node without authenticated registration, outdated and unauthenticated partners
0: Source node obsolete

This should converge into a ‘standardised’ and modern Network, where fields such as mode and submode are incorporated into the current comment field. But this requires third-party sw developers to be willing to evolve. If not all, then at least those who join the changes.

We have to start thinking that the node is not a ‘thing’ that I set it and forget about it. If I have it, I am responsible for its proper functioning, because I am part of something bigger, and my inactions can bring serious consequences to the rest of the community.

Have a nice weekend.

Kin EA3CV

De: Dxspider-support <dxspider-support-bounces at tobit.co.uk> En nombre de Ian Maude via Dxspider-support
Enviado el: viernes, 7 de febrero de 2025 15:20
Para: The DXSpider Support list <dxspider-support at tobit.co.uk>
CC: Ian Maude <ijmaude at icloud.com>
Asunto: Re: [Dxspider-support] Question Regarding Password Enforcement

In my opinion, passwords are pretty much next to useless.  The reason I say this is that they are only active for the local node.  What would make more sense is if that password was shared (obviously not openly) across all nodes, so that whatever node a user logs in to would honour that password.  Registration and passwords were introduced *during* 9/11 with DXSpider.  IIRC, Dirk released something like 9 updates that day.  Registration stops anyone not registered from logging in to a node with callsigns like ID1OT etc and posting.  This is a valuable and positive way of preventing fraud on the network.  Passwords have a certain amount of protection but not anywhere near as much.  Registration should be mandatory, passwords should be shared (encrypted in some way) across the network.  This would prevent a lot of abuse that we commonly see.  If CC cluster does not support passwords and registration, it should, Lee could easily add it.  Other softwares like AR Cluster and AK1A (I mean, good grief!) need to be replaced with supported software.  It costs nothing to do after all!

My 2 (whatever your lowest currency option is)

73 Ian

On 7 Feb 2025, at 13:12, Kin via Dxspider-support <dxspider-support at tobit.co.uk> wrote:

Anthony,

Passwords are not deleted, the variable is used to condition whether or not all users are forcedto use passwords.

Look at you:
 <https://github.com/EA3CV/dxspider_info/blob/main/Docs/Node_configuration_for_user_access.pdf> https://github.com/EA3CV/dxspider_info/blob/main/Docs/Node_configuration_for_user_access.pdf

Kin EA3CV

De: Dxspider-support <dxspider-support-bounces at tobit.co.uk> En nombre de Anthony (N2KI) via Dxspider-support
Enviado el: viernes, 7 de febrero de 2025 13:28
Para: Dirk Koopman <djk at tobit.co.uk>; The DXSpider Support list <dxspider-support at tobit.co.uk>
CC: Anthony (N2KI) <n2ki.ham at gmail.com>
Asunto: [Dxspider-support] Question Regarding Password Enforcement

Dirk, et al,

Currently, my node does not enforce a password requirement using the startup script using

set/var $main::passwdreq = 0

but I have users who have set passwords to use to login.  If I change the script to

set/var $main::passwdreq = 1

Will the current user passwords be retained?  Or will we have to start new?

Thanks!

Regards,

Anthony 
   N2KI

_______________________________________________
Dxspider-support mailing list
Dxspider-support at tobit.co.uk
https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.tobit.co.uk/pipermail/dxspider-support/attachments/20250208/2b31ee6a/attachment-0001.htm>