A REG command proposal
Forum rules
If you have an account on the wiki, remember to update the ADC Proposals page for new ideas.
http://dcbase.org/wiki/ADC_Proposals_list
-
- Senior Member
- Posts: 328
- Joined: 04 Dec 2007, 07:25
- Location: Bucharest
- Contact:
Re: A REG command proposal
Even if the hub does not know the original password, it knows the hash, which is more than enough to use it.
Just someone
-
- Member
- Posts: 53
- Joined: 15 Sep 2008, 21:48
- Location: adcs://adcs.uhub.org:1511
- Contact:
Re: A REG command proposal
If the password is bad, it is still easy to crack it in minutes using tools such as john or jack.
-
- Senior Member
- Posts: 100
- Joined: 30 Dec 2008, 14:59
Re: A REG command proposal
Very true. Anybody determined is going to get at the password one way or another. But they do have to be bothered. I just don't like the fact that a casual glance at the hub software or a settings file will show everybody's passwords.
-
- Senior Member
- Posts: 328
- Joined: 04 Dec 2007, 07:25
- Location: Bucharest
- Contact:
Re: A REG command proposal
darkKlor wrote: Very true. Anybody determined is going to get at the password one way or another. But they do have to be bothered. I just don't like the fact that a casual glance at the hub software or a settings file will show everybody's passwords.
It doesn't matter if they see the passwords or the hash, it's the same thing.
Just someone
-
- Senior Member
- Posts: 139
- Joined: 10 Nov 2007, 21:34
Re: A REG command proposal
I'll say this... ADC does not send passwords in plain text anymore (which is good), so if we start from there it would make sense for any protocol extensions dealing with passwords not to do that (send password in plain text) either.
That said, I haven't read either of the proposals by darkKlor so I do not know how he hashes the passwords and in which instances, but remember that how hub software stores its settings files or what it displays to the admin/user is not something the protocol really should try to affect (which is what he seems to want in regards to passwords).
Regardless... no matter what you do with passwords the persistent will always be rewarded; however, I do agree with darkKlor in that it should never be made too easy for anyone to find out a user's password (not even the hub host/admin).
See the first point made though, because the idea of the protocol not sending passwords in plain text (which is protection against packet sniffing, I assume) will be defeated if an extension does it, no matter what the extension's for.