Re: PLR Flag Maximum (trailing towards security issues)

From: George Greer (greerga@circlemud.org)
Date: 01/08/00


On Sat, 8 Jan 2000, Drew Shiner wrote:

>how are the passwords encrypted in stock circle, [...]

Standard UNIX crypt() function.  One-way conversion.

>and are there vulverabilies hackers can exploit to get my pw?

They could change your source code to log password input.

Otherwise there are many programs to brute-force attack a password file. If
someone is determined (and a fast computer helps), they will get the
password eventually.  Eventually may be a long time or short time depending
on your password.

--
George Greer            | The Ceramic Mouse & Snippets
greerga@circlemud.org   | http://developer.circlemud.org/


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     |  http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html  |
     +------------------------------------------------------------+



This archive was generated by hypermail 2b30 : 04/10/01 PDT