[crossfire] Challenge-Response login, proof of concept implementation ready
Rick Tanner
leaf at real-time.com
Tue Jun 10 13:06:40 CDT 2008
AnMaster wrote:
|
| Backward compatibility would be supported by plain text login once and then upgrade
| password in player file to store the "shared secret", then HMAC-SHA256 would be used in
| future to log in. I feel that it is less of an issue storing an unencrypted shared secret
| on the server than, as we currently do, sending it in plain text over network.

What about password resets in cases where a player returns from a long
hiatus and can't remember their password?

Under the current system, a person with server/shell access can reset
that player's password. Would this new system prevent this?
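The scheme quoted above, modelled end to end as an added example (not the proof-of-concept implementation from this thread): one plain text login upgrades the player record, later logins use an HMAC-SHA256 response to a single-use server nonce, and a server-side reset is an overwrite of the stored secret. Assumptions: the shared secret is SHA-256 of the password, the player file is a dict, and the names `Server`, `derive_secret`, `client_response` and `admin_reset` are hypothetical.

```python
import hashlib
import hmac
import secrets

def derive_secret(password: str) -> bytes:
    # Assumption: the stored "shared secret" is SHA-256 of the password.
    return hashlib.sha256(password.encode()).digest()

def client_response(password: str, nonce: bytes) -> bytes:
    # Client side: prove knowledge of the secret without sending it.
    return hmac.new(derive_secret(password), nonce, hashlib.sha256).digest()

class Server:
    def __init__(self):
        self.players = {}     # name -> {"scheme": "legacy" | "hmac", "value": bytes}
        self.challenges = {}  # name -> outstanding nonce

    def add_legacy_player(self, name, password):
        # Constructed stand-in for a pre-upgrade password entry in the player file.
        self.players[name] = {"scheme": "legacy", "value": password.encode()}

    def login_plaintext(self, name, password):
        rec = self.players.get(name)
        if rec is None or rec["scheme"] != "legacy":
            return False  # upgraded accounts no longer accept plain text
        if not hmac.compare_digest(rec["value"], password.encode()):
            return False
        # One-time upgrade: replace the old entry with the shared secret.
        self.players[name] = {"scheme": "hmac", "value": derive_secret(password)}
        return True

    def challenge(self, name):
        self.challenges[name] = secrets.token_bytes(16)
        return self.challenges[name]

    def verify(self, name, response):
        nonce = self.challenges.pop(name, None)  # consumed, so a replay fails
        rec = self.players.get(name)
        if nonce is None or rec is None or rec["scheme"] != "hmac":
            return False
        expected = hmac.new(rec["value"], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def admin_reset(self, name, new_password):
        # Whoever can write the player file can overwrite the stored secret.
        self.players[name] = {"scheme": "hmac", "value": derive_secret(new_password)}
```

In this model the stored value is password-equivalent: anyone who can read the player record can compute valid responses, so file permissions on player data matter as much as they do for the reset path.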