My Idea

All Helbreath Client Source Discussion here.
Blazin
Regular
Posts: 32
Joined: Sun Jun 25, 2006 2:15 am
Location: United Kingdom London

Post by Blazin »

Well, I've been thinking about this for a very long time now, and I wondered if it was actually possible. I've been talking it over with Treax, and he did mention it was possible but there would be a problem with the dialog windows. So I was wondering if there was anyone out there that could possibly figure this out, as it would help any server in a big way. My idea was basically: if people manage to obtain server files, like account information for example, then it would be ideal to put a "password" on the warehouse keeper. As soon as they get the account information and log in, they head straight for the warehouse, which isn't protected. But if it was protected, it would stop hacking accounts almost instantly, as they wouldn't be able to get the password that was linked with the warehouse keeper, seeing as it would be in a different database. Well, please share your thoughts on this, as it would be a great contribution to help many people who host out there :P
Scale
Member
Posts: 178
Joined: Thu Nov 20, 2003 4:04 pm

Post by Scale »

prolly easier to make a password encryption routine for the char files
Blazin
Regular
Posts: 32
Joined: Sun Jun 25, 2006 2:15 am
Location: United Kingdom London

Post by Blazin »

Yep, encryption would be the way to go, but what if they can bypass the encryption process? Anything is possible nowadays, I wouldn't put it past anyone lol
Scale
Member
Posts: 178
Joined: Thu Nov 20, 2003 4:04 pm

Post by Scale »

if u keep the routine server side it would take them a while.

but if they can get your char files, what prevents them from taking the warehouse code as well?
diuuude
Outpost bitch
Posts: 592
Joined: Wed Dec 28, 2005 11:57 pm

Post by diuuude »

encryption ?

Here is my idea. This would work if the people who want to steal the account just had the character file from the server: md5 encryption of the password!

Nobody would be able to find or bruteforce the password if you have one with at least 10 alphanumeric chars!
Drajwer
<3 bd long time
Posts: 841
Joined: Fri Dec 10, 2004 3:24 pm

Post by Drajwer »

diuuude wrote: encryption ?

Here is my idea. This would work if the people who want to steal the account just had the character file from the server: md5 encryption of the password!

Nobody would be able to find or bruteforce the password if you have one with at least 10 alphanumeric chars!

not really... md5 isn't hard to crack if you've got "rainbow tables".

Those contain a lot of passwords (it weighs about 5gb).

I don't know how it works but I read about it and it's plausible :D
Jensen
Loyal fan
Posts: 300
Joined: Tue Aug 02, 2005 7:40 am
Location: Illinois, USA
Contact:

Post by Jensen »

the tables work by having a preset list of password hashes, arranged in sets by the first 4 hash chars (at least in the project I saw), and for all passwords up to 6 chars I believe that it could take up to 72 Gb (don't quote me on that amount). the way that this way is faster is that instead of comparing a crapload of freshly genned hashes against the known pw hash, you just look up the pw hash in your rainbow db and it's right next to the pw. the part that makes this rather impractical is that storing all of these hashes, especially with longer passwords, exponentially increases the required storage space
-><-
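An added example, not code from any poster or from the Helbreath sources: a plain hash-to-password lookup as described in the post above (real rainbow tables compress such a table with hash chains), next to a salted, slow PBKDF2 hash that makes a precomputed table useless. The sample passwords and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample passwords, not taken from any real account file.
COMMON = ["1234", "123456", "helbreath"]

def md5_hex(password):
    """Unsalted MD5: the same password always produces the same hash."""
    return hashlib.md5(password.encode()).hexdigest()

def build_lookup(candidates):
    """Precompute hash -> password once; reusable against any unsalted dump."""
    return {md5_hex(p): p for p in candidates}

def hash_password(password, salt=None, rounds=200_000):
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest

def verify_password(password, salt, rounds, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)

def demo():
    table = build_lookup(COMMON)
    stored_md5 = md5_hex("123456")    # what an unsalted character file would hold
    recovered = table.get(stored_md5) # a single dictionary lookup recovers it
    first = hash_password("123456")
    second = hash_password("123456")
    same_digest = first[2] == second[2]  # different salts, so no shared table entry
    return (recovered, same_digest,
            verify_password("123456", *first),
            verify_password("12345", *first))

if __name__ == "__main__":
    print(demo())
```

With a per-account salt, a table has to be rebuilt for every single account, and the iteration count makes each guess expensive.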
diuuude
Outpost bitch
Posts: 592
Joined: Wed Dec 28, 2005 11:57 pm

Post by diuuude »

Jensen wrote: the tables work by having a preset list of password hashes, arranged in sets by the first 4 hash chars (at least in the project I saw), and for all passwords up to 6 chars I believe that it could take up to 72 Gb (don't quote me on that amount). the way that this way is faster is that instead of comparing a crapload of freshly genned hashes against the known pw hash, you just look up the pw hash in your rainbow db and it's right next to the pw. the part that makes this rather impractical is that storing all of these hashes, especially with longer passwords, exponentially increases the required storage space
that's why i said 10 chars long password with alpha numeric chars like:

Jen6381sen
Dr1aj3we4r


Who is dumb enough to download 5gb of useless md5 hash tables only for stealing a helbreath account?
Jensen
Loyal fan
Posts: 300
Joined: Tue Aug 02, 2005 7:40 am
Location: Illinois, USA
Contact:

Post by Jensen »

don't forget symbol use, and casing: Jen6#8!sEn
-><-
Cleroth
Loyal fan
Posts: 416
Joined: Wed Jun 16, 2004 7:08 pm

Post by Cleroth »

Jensen wrote: don't forget symbol use, and casing: Jen6#8!sEn
Helbreath accepts special characters on passwords?
locobans
Outpost Junkie
Posts: 2264
Joined: Tue Jul 13, 2004 3:51 am
Location: Behind You
Contact:

Post by locobans »

Cleroth wrote:
Jensen wrote: don't forget symbol use, and casing: Jen6#8!sEn
Helbreath accepts special characters on passwords?
Yes.
Jensen
Loyal fan
Posts: 300
Joined: Tue Aug 02, 2005 7:40 am
Location: Illinois, USA
Contact:

Post by Jensen »

I know the Siementech compiled client allows you to use control characters too, so if I get some noob that gave out his pw, it used to become ^A^A^A^A^A^A^A^A^A or so when I viewed the file in VI, because people would try and change it to those.

just normal symbols should be included at least once in any password since most brute forces totally ignore them unless you add them specifically, but then again we could start a new topic on password security and stupid nubs will still give it out...
-><-
Treax2
Loyal fan
Posts: 281
Joined: Fri Mar 04, 2005 5:05 pm
Location: Estonia
Contact:

Post by Treax2 »

but u can put a password like that, but what if the accounts were stolen by (we want new hoster who accepts and then steals accounts)?

and the bank password is very easy with commands

like /bankpassword *here u put your password* and then open a bank window ...
but it isn't very hard with dialogs too

in the client source you just have to make one new window that opens when u click on the warehouse keeper ... there u put ur password .. if it's right then it opens the bank window .. else it closes the pw window and doesn't open the bank window
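An added example, not part of the post above and not Helbreath code: the warehouse check done on the server rather than in the client dialog, with the warehouse secret held in its own store as a salted hash and a lockout after repeated failures. The class name, limits and account names are hypothetical.

```python
import hashlib
import hmac
import os
import time

class WarehouseGate:
    MAX_FAILS = 5        # hypothetical limit
    LOCK_SECONDS = 300   # hypothetical lockout window

    def __init__(self, clock=time.monotonic):
        self._secrets = {}  # account -> (salt, digest); stands in for the separate DB
        self._fails = {}    # account -> (fail_count, locked_until)
        self._clock = clock

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, account, password):
        salt = os.urandom(16)
        self._secrets[account] = (salt, self._derive(password, salt))

    def try_open(self, account, password):
        """Server-side decision; the client only displays the result."""
        count, locked_until = self._fails.get(account, (0, 0.0))
        now = self._clock()
        if now < locked_until:
            return "locked"
        record = self._secrets.get(account)
        if record is None:
            return "denied"  # no warehouse password on file: fail closed
        salt, digest = record
        if hmac.compare_digest(self._derive(password, salt), digest):
            self._fails.pop(account, None)
            return "open"
        count += 1
        if count >= self.MAX_FAILS:
            self._fails[account] = (0, now + self.LOCK_SECONDS)
            return "locked"
        self._fails[account] = (count, locked_until)
        return "denied"
```

A check that lives only in the client window can be skipped by a modified client, so the server has to refuse the warehouse request itself until `try_open` returns "open".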

Jensen
Loyal fan
Posts: 300
Joined: Tue Aug 02, 2005 7:40 am
Location: Illinois, USA
Contact:

Post by Jensen »

rather than trying to pw every action such as exchange, grab from wh, drop item, sell and everything like that to piss people off, how about they just learn to not use the password 1234, or 123456, and not give out the pw. probably the 2 most commonly used passwords.

and not to share their account. its really not hard to keep a password secret.
-><-
Zabu
noob
Posts: 12
Joined: Wed Jun 21, 2006 10:25 am

Post by Zabu »

72Gb->77309411328b
It MIGHT take 10% for storing data, so that leaves us 69578470195 bytes->6957847019 passwords of 10 characters (using ASCII/UTF8, half of them for UTF16/etc).

If you send 10 pwd/second it would take 22 years to use them all.

A complete dictionary of 10-character passwords (using ASCII/UTF8, double of them for UTF16/etc) takes 12089258196146291747061760B (11258999068426240TBytes of raw data). Note that I used full dictionary size, the number dramatically decreases using, for example, just a~z A~Z 0~9.

If you send 10 pwd/second it would take 3.833.478.626.378.200 years to try them all.

Good luck