Sign in to follow this  
Wargasm

Password File Jibberish

Recommended Posts

Not sure if I'm posting in the right "bug" forum, or if it's a bug, but it's damn annoying.

 

At the owner's request, I logged in someone else's account a week ago.  They gave me the hash to the account and I was still unable to log in.  After several failed attempts, the owner shot me a PM on discord with a big long "block" of text that said "put this whole string in the password file".  I did, and it worked.

 

A normal password file contains on the third line:

player_password=<hash>

 

This hash consisted of the following:

player_password=<hash>

\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000=

 

Went about my Wurming, and a week later, I went to share MY hash with someone else, and now MY password file has that jibberish in it.  And the player trying to log my account is unable to log in, unless they paste that jibberish in the hash file too!

 

@ the devs.... is there any way to get rid of that jibberish?   I know that \u0000 is a null value in java code but, I don't know what I'm doing.  Deleting the password file and having it auto-recreate the first time I log in using the password on the splash screen resulted in a new password file with jibberish.

Share this post


Link to post
Share on other sites

I know you probably know this already, but just to preempt any confusion about this from anybody and get it out of the way:

Wurm's password "hashes" aren't really "hashes" in a meaningful cryptographic sense. They are easily reversible. Never give your hash to someone unless you'd be comfortable giving them your password; they are essentially the same thing.

Share this post


Link to post
Share on other sites

A really old bug in the client encryption

 

Has been here since 2008

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this