Re: CRYPT (period) (fullstop) (end) (\n\r)

From: NITRO (SB7230477@v9001.ntu.ac.sg)
Date: 04/23/95



I wonder why there is such a big hoo haa regarding the issue, but knowing
that this mailing list reaches out to many, and many has a piece of
their mind about it..;-).

Anyway, passwords, in what level of security, should be encrypted, 
regardless of what sort of algorithm you used.

However, pfiles should perhaps be stored as plaintext to allow you to
edit them easily by using any text editor. 

As far as mud account is concern, it belongs to the implementors of that
mud and he/she shoudl keep the account's password secure. If any pfiles
are corrupted due to the meddling of the implementor, then it's the
implementors' responsibility. Anyone else other then the implementors 
should not have access to the code, pfiles and anything else within the mud
account.

Thinking twice, keeping passwords of pfiles as plaintext is not really
much of a security risk. However, it does leave a bad taste in the mouths
of the players. At least, they would like to think that even the implementors
cannot play their character coz they don't have their passwords. 
True? or not. I leave it for you to decide. ;)           

As far as crypt is concern, it isn't hard to devise a decrypt algorithm. 
Many would like to think it's safe, but it's not. In mud however, it serves
no point to decrypt the passwords at all (if u are the implementor, that is),
unless you wish to takeover the char and discredit it...(flame me...hahaha)

Just my 2 worth and a new addition to the 20 odd mails i receive regarding
this issue. God, let it end here....(hee)


Nitro
"1, 2, 3, .... all the mails, and why don't i doze off ?????"

     



This archive was generated by hypermail 2b30 : 12/07/00 PST