Hiya! I usually don't post to this list but I do read it. I find myself drawn to comment.

Q: Why should you endeavor to keep passwords not only unreadable from users/players but also from yourself?

A: Because if they are readable, you run the risk of those passwords getting leaked by one method or another <someone tells, someone "breaks" in, whatever, MURPHY'S LAW applies here>.

So what, you might ask? "It's just player files, sheesh!"

Inevitably, there will be players who, because they are lazy, innocent, incompetent, what have you, use the same password on more than one account, whether that be an internet account, player file, or anything else with password locking. Once those passwords are known, they can then be inserted into a password demon hacker and spewed at known users@host accounts until one works. This method is MUCH more likely to work compared to the random password daemons that exist, because here it is known that all these passwords are used by real people, possibly more than once, as opposed to the pure randomness of the other technique.

I read an example of this long ago. It was a spiel on why you should not use the same password at work as you do somewhere else. It went something like this.

---

Foo has an account at a high security network. Foo also plays a mud <it really did use mud in the supposedly true story>. The password file, unknown to Foo or the mud administrator, was stolen by a hacker. The hacker then uses these passwords in his nifty keen password hacking daemon and after several thousand attempts at various accounts on various systems, gets a match and WHAM! The high security network's security is toast. All because someone was A) foolish enough to use his passwords more than once, and B) someone was foolish enough to store passwords in legible format.

---

This technique works even better if you do some netstats on the mud machine while you're stealing the passwords. Then you don't have to stab out at sites randomly; you have a list of possible targets on hand.

Moral to the story? Either Foo or the mud administrator could have nipped this situation in the bud. Don't let your own system/behavior cause this kind of security breakdown.

---

Want another reason not to store passwords in legible format? So your users don't get paranoid about their passwords <even the folx with low security data in their accounts>, so they CAN be stupid and careless with their passwords instead of keeping half a dozen different passwords around for all the games they play.

--Paul
--pcole@ccwf.cc.utexas.edu
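The defence the post argues for (store passwords in a form that neither players nor the admin can read back, so a stolen player file yields nothing reusable elsewhere) is shown below as an added example; it is not code from the poster or from any mud codebase. It uses salted PBKDF2-HMAC-SHA256 from Python's standard library, a per-user random salt, and constant-time comparison on verify. The iteration count, the `pbkdf2_sha256$...` record format, and the tiny in-memory "player file" are all assumptions made here for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Assumption: work factor chosen for this example; tune to your own hardware.
ITERATIONS = 600_000
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$digest_hex.

    A fresh 16-byte random salt per user means two players who picked the
    same password still get different records, so a leaked file cannot
    even reveal that they share one.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGO}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt/iterations and compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False  # malformed record: treat as a failed login, never as a match
    if algo != ALGO:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed stand-in for a mud's player file: name -> stored password record.
PlayerFile = Dict[str, str]


def register_player(players: PlayerFile, name: str, password: str) -> None:
    """Only the hashed record is written; the plaintext is dropped immediately."""
    players[name] = hash_password(password)


def login(players: PlayerFile, name: str, password: str) -> bool:
    stored = players.get(name)
    if stored is None:
        # Burn the same work as a real check so a missing name is not
        # distinguishable by timing from a wrong password.
        verify_password(password, hash_password("dummy"))
        return False
    return verify_password(password, stored)


def file_leaks_plaintext(players: PlayerFile, passwords: Dict[str, str]) -> bool:
    """Defender's check: does the on-disk form contain any player's real password?"""
    blob = "\n".join(f"{n}:{rec}" for n, rec in players.items())
    return any(pw in blob for pw in passwords.values())


if __name__ == "__main__":
    players: PlayerFile = {}
    # Constructed sample players; two of them reused the same password.
    chosen = {"foo": "hunter2", "bar": "hunter2", "baz": "correct horse"}
    for n, pw in chosen.items():
        register_player(players, n, pw)
    print("foo logs in:", login(players, "foo", "hunter2"))
    print("foo wrong pw:", login(players, "foo", "hunter3"))
    print("foo/bar records identical:", players["foo"] == players["bar"])
    print("player file leaks plaintext:", file_leaks_plaintext(players, chosen))
```

The point of `file_leaks_plaintext` is the one the post makes: if the player file is ever copied off the machine, an attacker gets salted digests that must be brute-forced one user at a time at the chosen work factor, rather than a ready-made list of passwords to try against other sites.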
This archive was generated by hypermail 2b30 : 12/07/00 PST