[Full-Disclosure] Re: IRCXpro 1.0 - Clear local and default remote admin passwords

[Darren Reed]

In some mail from =?iso-8859-1?Q?Mads_Tans=F8?=, sie said:
> 
> Concerning point 1;
> It is not usual for irc servers to store clear passwords in the
> IRCD.config files. Hybrid uses hashed password made with mkpasswd,
> genesis uses rijndael, nnircd for a sample uses some kinda of hash
> (based on ircd2 if I don’t remember to wrong). Using encrypted passwords
> are not cause of remote or local users, its just IF the server should
> get hacked it is not good to let the ircd.conf reveal the passwords.
> This also goes for linkpasswords.
> Imho the c/n's should also be a crypted line, but then again, that’s my
> oppinion.

FWIW, you can put an encrypted password in N's but cleartest must go
in C but it's tricky to get right.  For one, you need to used asymetric
passwords.  Well, you used to be able to, anyway, I'm not sure if this
is still supported.  mkpasswd is inherited by hybrid from ircd2.

Darren