Page 1 of 1
Posted: Tue Sep 25, 2007 3:17 pm
by MagiNinjA
That's awesome.
It's like that guy who thinks Google is trying to make him miserable. It's a 5 billion $ case right now.
Posted: Tue Sep 25, 2007 8:42 pm
by Jesus
If and when you change your password, will you let us know the name of the film?
Posted: Tue Sep 25, 2007 8:50 pm
by Ryme
Was the password "p@ssword"?
Posted: Tue Sep 25, 2007 8:58 pm
by Ryme
Not that simplistic? You could have fooled me!
All the password stuff for the game is stored encrypted, so I don't know what anybody's is. I figure it's safer that way. Or at least it's the honorable thing to do, right?
Posted: Tue Sep 25, 2007 9:40 pm
by Cristiona
Stored in a hash but able to be edited by an admin, I would assume? Or are you totally unable to touch them?
Or should I stop prying on this sort of thing
Posted: Tue Sep 25, 2007 9:43 pm
by Ryme
Conscience.
I'm just hashing the passwords, but that seemed to obscure the data enough for the purposes of a game site. Besides, why bother stealing the passwords outright when the keylogger that Twilight installs will get me credit cards and bank accounts, too?
Someday, I'm probably going to regret saying that. Someone's going to take it seriously and tell their parents I'm stealing things from their computers, and I'll end up in jail. Sheesh.
Posted: Tue Sep 25, 2007 9:46 pm
by Ryme
Cristiona wrote:Stored in a hash but able to be edited by an admin, I would assume? Or are you totally unable to touch them?
As it's in a database, I can of course edit the password, in that I can delete them entirely or put anything else I want into that field. I don't know of any way to convert/extract the current one from the hashed result, but on a couple of occasions when people lost their password I did insert a temporary one for them until they could log in and change it back. For the most part, though, I discourage the losing of passwords because it's a total pain for me, and if I don't know you well enough to trust you I might not feel confident in resetting it.
Posted: Tue Sep 25, 2007 9:51 pm
by Cristiona
That's kinda what I figured. For what it's worth, I think there are some tools that can extract a password from a hash, but they're pretty limited (I believe they need to be 'trained', and of course, you need access to the hashes), and I think they don't work over a certain length (as hashes tend to be of a set length, even when the pw is longer than the hash).
Anyway, what you might consider for lost passwords is having an automated system that creates a new password (ie: 4 random numbers and a random letter) to the associated e-mail.
Posted: Tue Sep 25, 2007 10:00 pm
by Ryme
Cristiona wrote:
Anyway, what you might consider for lost passwords is having an automated system that creates a new password (ie: 4 random numbers and a random letter) to the associated e-mail.
Yeah, I know. I've been mostly neglecting administrative stuff like that. I'm sure about two weeks of beta will make me clean it up, what with all the rapscallionish newbies.
Posted: Mon Oct 01, 2007 6:21 am
by Ryme
Ryme? Oh, yeah, I totally know you. But then again, I also know where you keep your password. So why don't I just retrieve it and hand it over to you personally?