Re: Passwords logging

From: Bob Castillo (castillo7@hotmail.com)
Date: 02/02/00


        If ever there's a security issue about logging password... to check double
account or whatever...
        Maybe, it could be smart instead of logging "plain text password" to
download from the net a crypt function "DES encryption" (.c code) and hack
it up to: You remove the part of the code that assign a random salt to the
encryption... instead, you make it to use a fixed salt.. You would be able
to compare those encrypted password :)  Then you compile your MUD using that
.o file... so, you won't compromise your own system ;-) ; And, players would
be happy to keep their password private :)
        Or even easier, but maybe less secure.. it could be possible to log some
kind of password in 32bits CRC.
        Castillo
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     |  http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html  |
     +------------------------------------------------------------+



This archive was generated by hypermail 2b30 : 04/10/01 PDT