Page 1 of 1

Posted: Tue Sep 25, 2007 3:17 pm
by MagiNinjA
That's awesome.

It's like that guy who thinks Google is trying to make him miserable. It's a 5 billion $ case right now. :D

Posted: Tue Sep 25, 2007 8:42 pm
by Jesus
If and when you change your password, will you let us know the name of the film?

Posted: Tue Sep 25, 2007 8:50 pm
by Ryme
Was the password "p@ssword"?

Posted: Tue Sep 25, 2007 8:58 pm
by Ryme
Not that simplistic? You could have fooled me! :P

All the password stuff for the game is stored encrypted, so I don't know what anybody's is. I figure it's safer that way. Or at least it's the honorable thing to do, right?

Posted: Tue Sep 25, 2007 9:40 pm
by Cristiona
Stored in a hash but able to be edited by an admin, I would assume? Or are you totally unable to touch them?

Or should I stop prying on this sort of thing :wink:

Posted: Tue Sep 25, 2007 9:43 pm
by Ryme
Conscience.

I'm just hashing the passwords, but that seemed to obscure the data enough for the purposes of a game site. Besides, why bother stealing the passwords outright when the keylogger that Twilight installs will get me credit cards and bank accounts, too? :lol:

Someday, I'm probably going to regret saying that. Someone's going to take it seriously and tell their parents I'm stealing things from their computers, and I'll end up in jail. Sheesh.

Posted: Tue Sep 25, 2007 9:46 pm
by Ryme
Cristiona wrote:Stored in a hash but able to be edited by an admin, I would assume? Or are you totally unable to touch them?
As it's in a database, I can of course edit the password, in that I can delete them entirely or put anything else I want into that field. I don't know of any way to convert/extract the current one from the hashed result, but on a couple of occasions when people lost their password I did insert a temporary one for them until they could log in and change it back. For the most part, though, I discourage the losing of passwords because it's a total pain for me, and if I don't know you well enough to trust you I might not feel confident in resetting it.

Posted: Tue Sep 25, 2007 9:51 pm
by Cristiona
That's kinda what I figured. For what it's worth, I think there are some tools that can extract a password from a hash, but they're pretty limited (I believe they need to be 'trained', and of course, you need access to the hashes), and I think they don't work over a certain length (as hashes tend to be of a set length, even when the pw is longer than the hash).


Anyway, what you might consider for lost passwords is having an automated system that creates a new password (ie: 4 random numbers and a random letter) to the associated e-mail.

Posted: Tue Sep 25, 2007 10:00 pm
by Ryme
Cristiona wrote: Anyway, what you might consider for lost passwords is having an automated system that creates a new password (ie: 4 random numbers and a random letter) to the associated e-mail.
Yeah, I know. I've been mostly neglecting administrative stuff like that. I'm sure about two weeks of beta will make me clean it up, what with all the rapscallionish newbies.

Posted: Mon Oct 01, 2007 6:21 am
by Ryme
Ryme? Oh, yeah, I totally know you. But then again, I also know where you keep your password. So why don't I just retrieve it and hand it over to you personally?