Complete.Org: Mailing Lists: Archives: freeciv-dev: August 2001:
[Freeciv-Dev] Re: Passwd auth with MD5 hash 		Home

[Freeciv-Dev] Re: Passwd auth with MD5 hash

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: freeciv-dev@xxxxxxxxxxx
Subject: [Freeciv-Dev] Re: Passwd auth with MD5 hash
From: Erik Sigra <sigra@xxxxxxx>
Date: Tue, 21 Aug 2001 20:54:02 +0200
Reply-to: sigra@xxxxxxx 
tisdagen den 21 augusti 2001 20:44 skrev du:
> On Tue, 21 Aug 2001, Auth Gábor wrote:
> > >> [...] the owner of the save game file can always change the password
> > >> or hack the server to not hash it, so it doesn't add any security.
> > >
> > > It does in civserver.freeciv.org where password-based authentication
> > > would be very nice, while the savegames are published on the website.
> >
> >   I try write usable password authentication to FreeCiv, because while
> > my connection is closed, meanwhile other people can't join in my name...
> >   DES or MD5 hash is very good for insecure usage, where I can't trust
> > in the server admin. The MD5 hash can't explain, except brutal force. If
>
> It doesn't add anything if you can't trust the server admin, since he can
> just modify the server to tell him the password when you enter it.

Aren't passwords usually sent encrypted over networks? Then the server admin 
can not modify the server to tell him the password. I don't know how it was 
implemented in this patch, but if it is implemented at all then it should be 
this way.
[Prev in Thread] Current Thread [Next in Thread]