AnMaster wrote:
|
| Backward compatibility would be supported by plain text login once and then upgrade
| password in player file to store the "shared secret", then HMAC-SHA256 would be used in
| future to log in. I feel that it is less of an issue storing an unencrypted shared secret
| on the server than, as we currently do, sending it in plain text over network.

What about password resets in cases where a player returns from a long hiatus and can't remember their password? Under the current system, a person with server/shell access can reset that player's password. Would this new system prevent this?

_______________________________________________
crossfire mailing list
crossfire@metalforge.org
http://mailman.metalforge.org/mailman/listinfo/crossfire
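The login scheme quoted above, as an added Python sketch that is not code from this thread or from Crossfire. It assumes the shared secret is derived from the password with PBKDF2 (the proposal does not say how), and all names (`Server`, `derive_secret`, `admin_reset`, the record layout) are hypothetical; under those assumptions the stored secret is an ordinary server-side value that anyone able to write the player record can replace.

```python
import hashlib, hmac, secrets

def derive_secret(name: str, password: str) -> bytes:
    # Assumption: secret = PBKDF2(password, salt=name); the thread leaves this open.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), name.encode(), 100_000)

class Server:
    def __init__(self):
        self.players = {}  # name -> {"legacy_password": str} or {"secret": bytes}
        self.pending = {}  # name -> outstanding single-use challenge

    def legacy_login(self, name, password):
        """One-time plain-text login; on success the record is upgraded."""
        rec = self.players.get(name)
        if not rec or "legacy_password" not in rec:
            return False
        if not hmac.compare_digest(rec["legacy_password"].encode(), password.encode()):
            return False
        self.players[name] = {"secret": derive_secret(name, password)}
        return True

    def challenge(self, name):
        nonce = secrets.token_bytes(32)  # fresh per login, so responses cannot be replayed
        self.pending[name] = nonce
        return nonce

    def verify(self, name, response):
        nonce = self.pending.pop(name, None)  # consume the challenge
        rec = self.players.get(name, {})
        if nonce is None or "secret" not in rec:
            return False
        expected = hmac.new(rec["secret"], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def admin_reset(self, name, new_password):
        """Someone with write access to the player record overwrites the secret."""
        self.players[name] = {"secret": derive_secret(name, new_password)}

def client_response(name, password, nonce):
    # The password itself never crosses the network after the upgrade.
    return hmac.new(derive_secret(name, password), nonce, hashlib.sha256).digest()

if __name__ == "__main__":
    srv = Server()
    srv.players["alice"] = {"legacy_password": "hunter2"}  # constructed sample record
    print(srv.legacy_login("alice", "hunter2"))
    n = srv.challenge("alice")
    print(srv.verify("alice", client_response("alice", "hunter2", n)))
```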