[CF-Devel] MD5 crypt in FreeBSD

Mark Wedel mwedel at scruz.net
Thu Nov 16 22:30:14 CST 2000


 The simple fix of course is to use the older crypt.  It's not like the crossfire
player files need very strong security.

 I'm not sure, but my guess is that this improved crypt is generating 8 bit
data?  If so, I could certainly see why it may not work - everything dealing with
passwords in crossfire assumes textual type data - it does things like strcpy's,
stores the data in character format, etc, and all of those will probably break
on 8 bit data.

 In reality, you could probably store the password un-encrypted in reasonable
safety if you use the right perms on the save files so no one else can see them
(this latter step isn't even needed if the players don't have access to the
server crossfire is running on or you trust the users that do).

Joris Bontje wrote:
>
> Normally (DES) the password field in the userfiles look like this:
>
> "password vIPIFM3456FKD"
>
> that doesn't work with the MD5 algorithm...
> now create an MD5 hash with a perl program and replace the DES
> --- perl program ---
> #!/usr/bin/perl -w
> use strict;
> print "The password is: ";
> print crypt("secretpass","");
> print "\n\n";
> --- end of perl program ---
> This gives:
> The password is: $1$$stmAa3iXQxI4jYtPrZgI./
>
> Now replace the DES password in the playerfile with the MD5 hash
> and log in, it should work. But when you save the character it is
> mangled to:
>
> "password $1$Lrìø¿¿,Ð$xX5to"
>
> So the second time you can't login anymore. New users still can't
> be created...
> The DES to MD5 step is rare and you can't do something about it
> except for supporting 2 password formats...
> But MD5 should work! Somewhere deep inside the C code the
> password is mangled and restricted and that lets MD5 fail its job.
>
> Fix:
> -- insert here :) --
>
> Joris Bontje "MiDS"
> Admin of mids.student.utwente.nl
> ---
> The suespammers.org mail server is located in California;
> do not send unsolicited bulk e-mail or unsolicited
> commercial e-mail to my suespammers.org address
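An added example, not part of either message and not Crossfire code: a C check that accepts the two password-field formats quoted above and rejects a mangled field before it is written to a player file. It relies on the fact that both DES crypt and `$1$` MD5 crypt produce 7-bit printable text, but of different lengths (13 characters versus up to 34); the function names, the alphabet-only salt rule and the refuse-instead-of-truncate policy are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* Longest strings crypt(3) returns per scheme, excluding the NUL. */
#define DES_CRYPT_LEN 13                 /* 2 salt + 11 hash characters */
#define MD5_CRYPT_MAX (3 + 8 + 1 + 22)   /* "$1$" + salt + "$" + 22 hash chars */

enum pw_format { PW_INVALID, PW_DES, PW_MD5 };

/* Length of the leading run of crypt's 64-character alphabet [./0-9A-Za-z]. */
static size_t b64_run(const char *s)
{
    return strspn(s, "./0123456789"
                     "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "abcdefghijklmnopqrstuvwxyz");
}

/* Classify a stored password field; anything malformed is PW_INVALID.
 * Salts are limited to the crypt alphabet (a choice made for this example). */
enum pw_format classify_password(const char *field)
{
    if (strncmp(field, "$1$", 3) == 0) {
        const char *salt = field + 3;
        size_t salt_len = b64_run(salt);
        if (salt_len > 8 || salt[salt_len] != '$')
            return PW_INVALID;          /* 8-bit or stray bytes in the salt */
        const char *hash = salt + salt_len + 1;
        return (b64_run(hash) == 22 && hash[22] == '\0') ? PW_MD5 : PW_INVALID;
    }
    if (b64_run(field) == DES_CRYPT_LEN && field[DES_CRYPT_LEN] == '\0')
        return PW_DES;
    return PW_INVALID;
}

/* Copy a hash into a fixed buffer, refusing (never truncating) when it is
 * malformed or does not fit. Returns 0 on success, -1 on refusal. */
int store_password(char *dst, size_t dst_size, const char *field)
{
    size_t len = strlen(field);
    if (classify_password(field) == PW_INVALID || len + 1 > dst_size)
        return -1;
    memcpy(dst, field, len + 1);
    return 0;
}
```

A destination buffer sized for DES crypt (14 bytes) refuses the 26-character MD5 hash from the quoted Perl output, while one of `MD5_CRYPT_MAX + 1` bytes holds either format.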