

 
 
#1
17 Jul 2014 12:40
 
 
Changes to password system

We have today made a few changes to our (really old) password system.
This will mainly be noticed by BatMUD now supporting longer passwords,
whereas in the past only the first 8 characters were meaningful.

++ Gore


/* Commence technical jargon */

Q: How do you store my password?

All passwords are stored in a secure database. The passwords are never
stored in plaintext format, only as one-way hashes. The new passwords
are stored as SHA-512 hashes and have uniquely generated random salts.


Q: Does this mean my password can never be cracked?

No. If you pick a bad password (like "secret") then it can still be
easily guessed (or cracked via brute-force or dictionary attacks).
Hence it is important to select good passwords (at least 8 characters
long, not based on dictionary words, containing upper and lower case
letters, numbers and special symbols).

However so-called rainbow tables are not feasible as a cracking
mechanism due to randomized salts.


Q: SHA-512 is not a true encryption function, why don't you use
bcrypt, scrypt or pbkdf2?

Bcrypt, scrypt and PBKDF2 introduce a work factor that makes
encryption operations slower, which means they are less susceptible
to brute-force attempts. The tradeoff however is that as they are
computationally expensive, using them - especially in a single-
threaded context like BatMUD - could cause lag.

 
Rating:
3
Votes:
3
 
 
Gore
A r c h w i z a r d
14y, 306d, 23h, 22m, 26s old
Level:
600 [Wizard]
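
The three points in the post above (8-character truncation, per-account random salts, and the cost of a work factor), as an added example that is not BatMUD's code. The `salt || password` construction, the 16-byte salt, the 100,000-iteration count and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example


def old_style_key(password):
    # Model of the old behaviour the post describes: only the first 8 characters count.
    return password[:8]


def salted_sha512(password, salt=None):
    # One fast hash over salt || password; a fresh random salt per account.
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.sha512(salt + password.encode()).digest()


def pbkdf2_sha512(password, salt=None, iterations=PBKDF2_ITERATIONS):
    # Same salt idea, but the hash is iterated to make each guess expensive.
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)


def verify(scheme, password, salt, stored):
    # Recompute with the stored salt and compare in constant time.
    _, candidate = scheme(password, salt)
    return hmac.compare_digest(candidate, stored)


def seconds_per_hash(scheme, runs):
    # Average wall-clock cost of one hash; this is what blocks a single-threaded loop.
    salt = os.urandom(16)
    start = time.perf_counter()
    for _ in range(runs):
        scheme("constructed-sample-password", salt)
    return (time.perf_counter() - start) / runs


if __name__ == "__main__":
    print("old 8-char match:", old_style_key("hunter2-alpha") == old_style_key("hunter2-bravo"))
    s1, h1 = salted_sha512("secret")
    s2, h2 = salted_sha512("secret")
    print("same password, same hash:", h1 == h2)
    fast = seconds_per_hash(salted_sha512, 2000)
    slow = seconds_per_hash(pbkdf2_sha512, 3)
    print(f"salted SHA-512: {fast * 1e6:.1f} us  PBKDF2: {slow * 1e3:.1f} ms per login")
```

The per-hash times it prints are the cost a defender pays once per login and an offline guesser pays once per candidate password.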