Re: Ethics.

From: Peter Ajamian (
Date: 01/24/00

The Merciless Lord of Everything wrote:
> On Mon, 24 Jan 2000, Peter Ajamian wrote:
> > amount of trust in you, do them a favor and keep that trust justified.
> Well put! :) Made me think of something regarding password policies and
> such..
> What are people's opinions on using the MD5 hashing routine for
> passwords? That way you don't store the password, but only it's hash
> value.
The current crypt function stores hash values, but MD5 would ceartainly
be more secure.

> Some Advantages:
> - CircleMUD wouldn't run into any export restrictions with DES (Though I
> cannot remember if it still in Effect)
> - Passwords can be longer than 8 Characters (Can't remember how many, but
> over 50 characters at least)
> - With the new machines, a bruteforce on DES (crack or whatnot) takes
> significally less time than trying to break the same MD5 password.
> Disadvantages:
> - Prolly not all OS's come with MD5 installed from the beginning (I know
> FreeBSD does, Can't remember about Linux)
It depends on the distribution, I'm fairly ceartain that Redhat 6.x
comes with MD5.

> Of course it still doesn't solve the problem of "How do I trust my
> players?", one way of getting around that is to ask for an email address
> when creating a player. optional of course, but if player forgets his/her
> password, and have attempted X amount of times, the mud could
> theoretically send it, *BUT* that would require either a decrypt, or at
> least some other way of shipping the password, and you would be back at
> square one. :)
The solution is simple, have the MUD mail the player a new password,
then there is no need to access the current one.

> ObSomethingelse:
> Have someone thought of the posibility to have players have the same name
> (I.e. Two players called Svenn)? As far as I can see, it shouldn't be that
> much of a hassle, but have anyone done any thinking in that
> area? Pros/Cons?

Ceartainly it can be done, but it would end up resulting in too much
confusion for the players imho.

Regards, Peter

     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     |  |

This archive was generated by hypermail 2b30 : 04/10/01 PDT