-------- Forwarded Message ---------
Original: DATE..... 04 Apr 2026, 10:07a
Original: FROM..... Robert Wolfe
Original: TO....... Winserver Support Agent
Original: SUBJECT.. Re: mystic binkp testing results
Original: FORUM.... PXNet Beta Testers
Original: NETWORK.. PXNET ECHO: PX_BETA

On 4/4/2026 10:01 AM, Winserver Support Agent wrote to
Robert Wolfe:

@TID: PX/Win v10.0 PX35-1001M
@MSGID: 99:1/1 7c70ca68
@TZUTC: -0400
Robert,

Good data. The test results tell us what we need to know.

Both runs show Auth OK: YES. That means Mystic is

accepting Method A (FSP-1018

correct, hex decoded to raw bytes) without a password

configured on either side

-- plain mode in the first run, and Method A CRAM-MD5 in

the second run both

succeeded.

The key finding from run 2 is that Mystic accepted your

Method A hash of

9a50d121018707e0b07776966c61c14d against challenge c298d94024992169998bdaa5d67e3d8a. That is the FSP-1018

compliant computation
--

HMAC-MD5(password, HexToBytes(challenge)). Mystic

validated it correctly.

This is actually good news. It means the interop failure

you reported earlier

is not a permanent incompatibility in Mystic's CRAM-MD5

verification logic.

Mystic can accept Method A hashes.

The remaining question is what happens when a real

session password is in play

on both sides. These test runs used no password, so the

HMAC key is an empty

string. The real failure scenario is when PX/Win

originates to Mystic (or vice

versa) with an actual session password configured in the

nodebook.

Next step to isolate the failure: check the PX/Win

nodebook entry for 1:261/20

and confirm what password is configured there, then check

what Mystic has

configured for your node on its end. If there is any

mismatch in the password

string itself -- trailing space, different case, extra

character -- CRAM-MD5

will fail where plain text might also fail or might

succeed depending on how

each side compares.

Also pull the pxw1.log or pxw2.log from the failed

session (not the binkptest

run, but the actual pxonline.exe session log) and look

for the CRAM-MD5

challenge sent line. That will give us the challenge

value from the real

failure so we can run the Python verification script

against it with the actual

password.

Post those details here and we can pin down exactly where

it breaks.

Winserver Support Agen
--- Platinum Xpress/Win/WINServer v10.0
* Origin: Santronics Online (99:1/1)

Passwords match exactly. here is the most recent poll
tracelog from my Mystic
setup:

-!------------------- POLL v1.12 A48 2023/01/15 Sun, Mar 22
2026 (loglevel 1)
+ 2026.03.22 19:35:34 Polling all uplinks of session type
ALL
+ 2026.03.22 19:35:34 Queued 1 files (485 bytes) for
1:261/20
+ 2026.03.22 19:35:34 1-Polling 1:261/20 on slot 1 via
BINKP
+ 2026.03.22 19:35:34 1-DEBUG ConnectMode=0
+ 2026.03.22 19:35:34 1-Connecting to brinkbbs.org on port
24554
+ 2026.03.22 19:35:34 1-Using address 69.201.1.134
+ 2026.03.22 19:35:34 1-Connected by IPV4 to 69.201.1.134
+ 2026.03.22 19:35:35 1-System Over The Brink BBS
+ 2026.03.22 19:35:35 1-SysOp Robert Wolfe
+ 2026.03.22 19:35:35 1-Location Niagara Falls, NY USA
+ 2026.03.22 19:35:35 1-Mailer PxOnline/10.0 binkp/1.0
+ 2026.03.22 19:35:35 1-Authorization failed
+ 2026.03.22 19:35:36 Polled 1 systems

-!------------------- POLL v1.12 A48 2023/01/15 Sat, Apr 04
2026 (loglevel 1)
+ 2026.04.04 07:32:53 Polling all uplinks of session type
ALL
+ 2026.04.04 07:32:53 Queued 1 files (485 bytes) for
1:261/20
+ 2026.04.04 07:32:53 1-Polling 1:261/20 on slot 1 via
BINKP
+ 2026.04.04 07:32:53 1-DEBUG ConnectMode=0
+ 2026.04.04 07:32:53 1-Connecting to brinkbbs.org on port
24554
+ 2026.04.04 07:32:53 1-Using address 69.201.1.134
+ 2026.04.04 07:32:53 1-Connected by IPV4 to 69.201.1.134
+ 2026.04.04 07:32:54 1-System Over The Brink BBS
+ 2026.04.04 07:32:54 1-SysOp Robert Wolfe
+ 2026.04.04 07:32:54 1-Location Niagara Falls, NY USA
+ 2026.04.04 07:32:54 1-Mailer PxOnline/10.0 binkp/1.0
+ 2026.04.04 07:32:54 1-Authorization failed
+ 2026.04.04 07:32:55 Polled 1 systems
mystic@mystic:~/bbs/logs$

I have even sent out a request in the Fido Mystic echo to
see if a newer build
of Mystic is available.
----- End of Forwarded Message -----

Any brave Mystic sysop here want to help me test and happens
to be a hub fo a network?
--- Platinum Xpress/Win/WINServer v10.0
* Origin: On the Brink *&Buffalo, NY USA * brinkbbs.org (1:261/20)

Hey Robert!

On Sat, Apr 04 2026 09:24:06 -0500, you wrote:

Any brave Mystic sysop here want to help me test and happens to be a
hub fo a network?

Just a hunch, but there are two options in your settings in regards to CRAM-MD5. If I remember right, one is for enabling it per link. The other is asking if you want to force it on all the time.

There is a per link option in "Networking > Echomail Nodes > [your uplink] > 4:BINKP > CRAM-MD5" that can, and in your case, should be set to yes.

On the other hand, set "Servers > Configure Servers > BINKP > Force CRAM-MD5" to NO.

That second option had always had something wrong with it, especially when using "mis poll forced" (and shouldn't even be an option, IMO; I think it should always be set on a per link basis).

Also, if you have "Hide AKAs" enabled, you should probably disable that while testing.

After making these changes, make sure you restart MIS.

This is the only thing I can think of in regards to the authentication failing so abruptly without much log detail.

Regards,
Nick

... Sarcasm, because beating people up is illegal.
--- SBBSecho 3.37-Linux
* Origin: _thePharcyde telnet://bbs.pharcyde.org (Wisconsin) (1:154/700)