Re: Ethics.

From: The Merciless Lord of Everything (serces@mud.dk)
Date: 01/24/00


On Mon, 24 Jan 2000, Peter Ajamian wrote:

> amount of trust in you, do them a favor and keep that trust justified.
Well put! :) Made me think of something regarding password policies and
such..

What are people's opinions on using the MD5 hashing routine for
passwords? That way you don't store the password, but only its hash
value.

Some Advantages:

- CircleMUD wouldn't run into any export restrictions with DES (though I
cannot remember if it is still in effect)

- Passwords can be longer than 8 characters (can't remember how many, but
over 50 characters at least)

- With the new machines, a bruteforce on DES (crack or whatnot) takes
significantly less time than trying to break the same MD5 password.

Disadvantages:

- Prolly not all OS's come with MD5 installed from the beginning (I know
FreeBSD does, Can't remember about Linux)

Of course it still doesn't solve the problem of "How do I trust my
players?". One way of getting around that is to ask for an email address
when creating a player. Optional of course, but if a player forgets his/her
password, and has attempted X amount of times, the mud could
theoretically send it, *BUT* that would require either a decrypt, or at
least some other way of shipping the password, and you would be back at
square one. :)

ObSomethingelse:
Has someone thought of the possibility of having players have the same name
(i.e. two players called Svenn)? As far as I can see, it shouldn't be that
much of a hassle, but has anyone done any thinking in that
area? Pros/Cons?

/S



"The Law of Self Sacrifice"
When you starve with a tiger, the tiger starves last.


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     |  http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html  |
     +------------------------------------------------------------+
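
Added example, not part of the original message or of CircleMUD: hash-only password storage that takes the whole password, plus a reset that mails a one-time token instead of the password, so nothing has to be decrypted. It uses salted PBKDF2-HMAC-SHA256 from the Python standard library in place of the single MD5 pass discussed above; `PlayerStore`, `ITERATIONS` and `RESET_TTL` are hypothetical names and values.

```python
import hashlib, hmac, secrets, time

ITERATIONS = 100_000  # assumed work factor; tune to the host
RESET_TTL = 900       # assumed reset-token lifetime, seconds

def hash_password(password, salt=None):
    """Salted, iterated hash of the whole password (no 8-character cut-off)."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def token_hash(token):
    return hashlib.sha256(token.encode()).digest()

class PlayerStore:
    """Hypothetical in-memory stand-in for the player file."""
    def __init__(self):
        self.players = {}  # name -> {"salt", "digest", "reset"}

    def create(self, name, password):
        salt, digest = hash_password(password)
        self.players[name] = {"salt": salt, "digest": digest, "reset": None}

    def login(self, name, password):
        p = self.players.get(name)
        if p is None:
            return False
        return hmac.compare_digest(hash_password(password, p["salt"])[1], p["digest"])

    def issue_reset(self, name, now=None):
        """Return a one-time token to e-mail; only its hash is kept."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.players[name]["reset"] = (token_hash(token), now + RESET_TTL)
        return token

    def redeem_reset(self, name, token, new_password, now=None):
        now = time.time() if now is None else now
        p = self.players[name]
        reset, p["reset"] = p["reset"], None  # single use, even on a failed try
        if reset is None or now > reset[1]:
            return False
        if not hmac.compare_digest(token_hash(token), reset[0]):
            return False
        p["salt"], p["digest"] = hash_password(new_password)
        return True
```
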


