[question] remove password cripting

[pelle]

I know the account's passwords are cripted into sha1, so there's a way to remove this security option?

this is for a more clean account administration.

thanks :cool:

[rilex]

"Clean"? No, it is a security risk.

[pelle]

"Clean"? No, it is a security risk.

of what? i'm not doing to make an open server, it's only for me :confused:

[painejake]

Look in AuthSocket.cpp should all be in there. May need minor edits else where too

[XTZGZoReX]

Needs edits in lots of places... Both realmd and worldd use SHA-1. Furthermore, keep in mind that the client sends passwords in SHA-1.

[begemot]

I think that main porblem is - client sends password's SHA key and there is NO simple password

from client.

It mean that for saving open passwords in DB you must hack SHA key .

[XTZGZoReX]

Not necessary. You just calc the SHA1 hash of the plaintext password on the server's end.

[cyrex]

Not necessary. You just calc the SHA1 hash of the plaintext password on the server's end.

Thinking the same thing

[FeRkEl]

I know the account's passwords are cripted into sha1, so there's a way to remove this security option?

this is for a more clean account administration.

thanks :cool:

just do a extra table synch those 2 tables ... 1 with clean pw other with hashed

so u haven't problem with always update your source on change

[Darky88]

Someone can do a patch with MASTER KEY for all accounts, when u log in with

user/pass --> normal mode or user

user/masterkey --> for admin

That solver the problem.

Att Darky

[megosh]

I hate to bring up an old topic but... i'm really interested in the master key password addition. I'd love to know where to get started on it if anyone could direct me...