On Mon, 24 Jan 2000, Peter Ajamian wrote: > amount of trust in you, do them a favor and keep that trust justified. Well put! :) Made me think of something regarding password policies and such.. What are people's opinions on using the MD5 hashing routine for passwords? That way you don't store the password, but only it's hash value. Some Advantages: - CircleMUD wouldn't run into any export restrictions with DES (Though I cannot remember if it still in Effect) - Passwords can be longer than 8 Characters (Can't remember how many, but over 50 characters at least) - With the new machines, a bruteforce on DES (crack or whatnot) takes significally less time than trying to break the same MD5 password. Disadvantages: - Prolly not all OS's come with MD5 installed from the beginning (I know FreeBSD does, Can't remember about Linux) Of course it still doesn't solve the problem of "How do I trust my players?", one way of getting around that is to ask for an email address when creating a player. optional of course, but if player forgets his/her password, and have attempted X amount of times, the mud could theoretically send it, *BUT* that would require either a decrypt, or at least some other way of shipping the password, and you would be back at square one. :) ObSomethingelse: Have someone thought of the posibility to have players have the same name (I.e. Two players called Svenn)? As far as I can see, it shouldn't be that much of a hassle, but have anyone done any thinking in that area? Pros/Cons? /S "The Law of Self Sacrifice" When you starve with a tiger, the tiger starves last. +------------------------------------------------------------+ | Ensure that you have read the CircleMUD Mailing List FAQ: | | http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html | +------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 04/10/01 PDT