Re: Ethics.

From: Peter Ajamian (pajamian@cheapsam.com)
Date: 01/24/00

Next message: StormeRider: "Re: Ethics."
Previous message: The Merciless Lord of Everything: "Re: Ethics."
Maybe in reply to: Adam G Dobrinin: "Ethics."
Next in thread: StormeRider: "Re: Ethics."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The Merciless Lord of Everything wrote:
>
> On Mon, 24 Jan 2000, Peter Ajamian wrote:
>
> > amount of trust in you, do them a favor and keep that trust justified.
> Well put! :) Made me think of something regarding password policies and
> such..
>
> What are people's opinions on using the MD5 hashing routine for
> passwords? That way you don't store the password, but only it's hash
> value.
>
The current crypt function stores hash values, but MD5 would ceartainly
be more secure.

> Some Advantages:
>
> - CircleMUD wouldn't run into any export restrictions with DES (Though I
> cannot remember if it still in Effect)
>
> - Passwords can be longer than 8 Characters (Can't remember how many, but
> over 50 characters at least)
>
> - With the new machines, a bruteforce on DES (crack or whatnot) takes
> significally less time than trying to break the same MD5 password.
>
> Disadvantages:
>
> - Prolly not all OS's come with MD5 installed from the beginning (I know
> FreeBSD does, Can't remember about Linux)
>
It depends on the distribution, I'm fairly ceartain that Redhat 6.x
comes with MD5.

> Of course it still doesn't solve the problem of "How do I trust my
> players?", one way of getting around that is to ask for an email address
> when creating a player. optional of course, but if player forgets his/her
> password, and have attempted X amount of times, the mud could
> theoretically send it, *BUT* that would require either a decrypt, or at
> least some other way of shipping the password, and you would be back at
> square one. :)
>
The solution is simple, have the MUD mail the player a new password,
then there is no need to access the current one.

> ObSomethingelse:
> Have someone thought of the posibility to have players have the same name
> (I.e. Two players called Svenn)? As far as I can see, it shouldn't be that
> much of a hassle, but have anyone done any thinking in that
> area? Pros/Cons?

Ceartainly it can be done, but it would end up resulting in too much
confusion for the players imho.

Regards, Peter


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     |  http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html  |
     +------------------------------------------------------------+

Next message: StormeRider: "Re: Ethics."
Previous message: The Merciless Lord of Everything: "Re: Ethics."
Maybe in reply to: Adam G Dobrinin: "Ethics."
Next in thread: StormeRider: "Re: Ethics."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : 04/10/01 PDT