Posted May 16, 2018 Not sure if I'm posting in the right "bug" forum, or if it's a bug, but it's damn annoying. At the owner's request, I logged in someone else's account a week ago. They gave me the hash to the account and I was still unable to log in. After several failed attempts, the owner shot me a PM on discord with a big long "block" of text that said "put this whole string in the password file". I did, and it worked. A normal password file contains on the third line: player_password=<hash> This hash consisted of the following: player_password=<hash> \u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000= Went about my Wurming, and a week later, I went to share MY hash with someone else, and now MY password file has that jibberish in it. And the player trying to log my account is unable to log in, unless they paste that jibberish in the hash file too! @ the devs.... is there any way to get rid of that jibberish? I know that \u0000 is a null value in java code but, I don't know what I'm doing. Deleting the password file and having it auto-recreate the first time I log in using the password on the splash screen resulted in a new password file with jibberish. Share this post Link to post Share on other sites
Posted May 16, 2018 I know you probably know this already, but just to preempt any confusion about this from anybody and get it out of the way: Wurm's password "hashes" aren't really "hashes" in a meaningful cryptographic sense. They are easily reversible. Never give your hash to someone unless you'd be comfortable giving them your password; they are essentially the same thing. 1 Share this post Link to post Share on other sites
Posted May 17, 2018 A really old bug in the client encryption Has been here since 2008 Share this post Link to post Share on other sites