| Pages: [1] :: one page |
|
|
| Author |
Thread Statistics | Show CCP posts - 2 post(s) |
|
kieron
   |
Posted - 2006.05.12 18:05:00 -
[1]
As the topic states, password case sensitivity has returned to your password. If your log-in credentials are rejected, please verify the case of all letters in it. Further information may be found in this news item.
kieron
Community Manager,
EVE Online |
|
Gungankllr
|
Posted - 2006.05.12 18:06:00 -
[2]
word.
|
Berak FalCheran
|
Posted - 2006.05.12 18:11:00 -
[3]
cool. didn't know it was ever not case sensitive 
YOU LOVE THE BLINKING
|
Jim McGregor
|
Posted - 2006.05.12 18:33:00 -
[4]
Edited by: Jim McGregor on 12/05/2006 18:33:09
Damn, now i have to run my password cr@cker from the beginning again. Sigh.
---
The Eve Wiki Project |
Vicarrah
|
Posted - 2006.05.12 18:40:00 -
[5]
\o/ finally
and OMG IBDS!
Vicarrah
Tahiri |
Taz Devlin
|
Posted - 2006.05.12 18:43:00 -
[6]
kewl
Grr... A**rr  |
Shinnen
|
Posted - 2006.05.12 18:44:00 -
[7]
 Originally by: Berak FalCheran
cool. didn't know it was ever not case sensitive
Me neither...
Shinnen
------------------
|
Kylania
|
Posted - 2006.05.12 18:50:00 -
[8]
Well, that certainly explains what happened last nite. 
--
Lil Miner |
Eximius Josari
|
Posted - 2006.05.12 19:25:00 -
[9]
You mean to tell me that my pw has been easier to ***** till now?
~Eximius Josari, Hegemon of the E.A.R.T.H. Federation |
Tachy
|
Posted - 2006.05.12 20:16:00 -
[10]
uh, why has the case sensitivity been disabled?
Iirc it had been reenabled in january ... after someone found out it was disabled when all those accounts had been hacked?
--*=*=*--
Megadon
CCP wanted a well known artist and celebrity to test the new font so it's approval would be well known. They got Ray |
|
|
T Runner
|
Posted - 2006.05.12 23:15:00 -
[11]
only took me 20 hours of wasted time to read a very small piece in the dev blog, about case sensitive passwords, please put the thing in the start up window, would save the GM's a lot of petition through an alt to solve the problem.
|
CT BadIronTree
|
Posted - 2006.05.13 02:13:00 -
[12]
Edited by: CT BadIronTree on 13/05/2006 02:13:15
i sould learn not to click the botton two time wile drunked
edit
============================================
Colossus Technologies
The first and oldest corp in eve!
BadIronTree Head of Production
CSM Chat Log September 25, 2003:
Fuhry> Some things we simply cannot test, and therefore we just put it on Tranq. cross our fingers and then get into panic mode.
---------------------------------------
playing (or beta testing)since Sat, 2 Nov 2002 16:06 (beta 5)
---------------------------------------
|
CT BadIronTree
|
Posted - 2006.05.13 02:13:00 -
[13]
BTW any official news about the "hack" 3-4-5 months ago?
or is still under investigation?
============================================
Colossus Technologies
The first and oldest corp in eve!
BadIronTree Head of Production
CSM Chat Log September 25, 2003:
Fuhry> Some things we simply cannot test, and therefore we just put it on Tranq. cross our fingers and then get into panic mode.
---------------------------------------
playing (or beta testing)since Sat, 2 Nov 2002 16:06 (beta 5)
---------------------------------------
|
Andros vonBek
|
Posted - 2006.05.13 02:56:00 -
[14]
omg i petitioned this on like the very day it happened way back when and posted on the forums about it also and now it's been fixed and omg im so happy i could cry i was listened to by the devs yay woot
ahem
*straightens collar and looks all dignified like, or tries to...*
cool
Filesize too big. Mail [email protected] for info - Cathath |
N0VALAND
|
Posted - 2006.05.13 15:27:00 -
[15]
Funny they claim it being case-sensitive issues when i always used the same case settings. I solved it much easier tho by loggin in on the web page and changing my password, then it suddenly worked to log in again. And that i did the second the server came up again and i wasn't able to log in, which then i realised they ****** their data in the database server .
|
Mus Muris
|
Posted - 2006.05.14 12:14:00 -
[16]
Err.... you mean the passwords are stored in plain text and not hashed in the DB?
|
Suren Segolia
|
Posted - 2006.05.14 22:56:00 -
[17]
Originally by: Mus Muris
Err.... you mean the passwords are stored in plain text and not hashed in the DB?
Ummm - No. It means that the passwords were not checked for upper/lowercase, only lowercase.
Suren.
|
Traxman
|
Posted - 2006.05.15 14:57:00 -
[18]
Originally by: Mus Muris
Err.... you mean the passwords are stored in plain text and not hashed in the DB?
Yes, the passwords are stored as clear text
Originally by: Suren Segolia
Ummm - No. It means that the passwords were not checked for upper/lowercase, only lowercase.
Suren.
Suren, you dont know, right ? Ill explain then, the passwords are still in clear text, that means that CCP
can enter the database and can see your password, but now
your ElItE passwords just need to be enterd as its stored
but still - the password are still stored as clear text.
Meaby its time they use simple methods as password()
that i belive is builtin into the MS SQL.
I guess its time for the supermega elite nerds in London
to change the routines for that aswell, and its very
easy fixed )
For the flamers, when you get a better MySQL Master Degree
than me
/me want to convert eve to 64bit MySQL cluster any day, just hire me for some timecards
|
Pang Grohl
|
Posted - 2006.05.15 16:20:00 -
[19]
Originally by: Traxman
Originally by: Mus Muris
Err.... you mean the passwords are stored in plain text and not hashed in the DB?
Yes, the passwords are stored as clear text
Originally by: Suren Segolia
Ummm - No. It means that the passwords were not checked for upper/lowercase, only lowercase.
Suren.
Suren, you dont know, right ? Ill explain then, the passwords are still in clear text, that means that CCP
can enter the database and can see your password, but now
your ElItE passwords just need to be enterd as its stored
but still - the password are still stored as clear text.
Meaby its time they use simple methods as password()
that i belive is builtin into the MS SQL.
I guess its time for the supermega elite nerds in London
to change the routines for that aswell, and its very
easy fixed )
For the flamers, when you get a better MySQL Master Degree
than me
/me want to convert eve to 64bit MySQL cluster any day, just hire me for some timecards
Cause a master's degree gives you x-ray vision to see into the EVE DB CCP certainly never said that the passwords are stored as clear text, & I doubt they'd tell us how account passwords are stored anyway.
Forum: A place where ideas come to prove their worth.
|
Mus Muris
|
Posted - 2006.05.15 18:37:00 -
[20]
Edited by: Mus Muris on 15/05/2006 18:39:47
Edited by: Mus Muris on 15/05/2006 18:39:30
Originally by: Pang Grohl
Cause a master's degree gives you x-ray vision to see into the EVE DB
No... but it does allow anyone inside CCP with DB access to see them - and your username. Only takes a disgruntled employee to cause hassle. Also people use the same combinations elsewhere and this leaves them open if they do (which is why I don't!).
Whilst unlikely that there would be a problem it's fairly common practice to one-way-hash the passwords in the DB, then compare the hashed version. This is kind of security 101 and makes you worry about the rest of it! ;)
Originally by: Pang Grohl
CCP certainly never said that the passwords are stored as clear text, & I doubt they'd tell us how account passwords are stored anyway.
You can infer that by the fact that they were case-insensitve before. Change the case of letter and you would generally change the hash completely (e.g an MD5 or SHA1). Possible that the hash would just change case as well, but then it wouldn't be that secure anyway!
|
|
|
SecretSeller
|
Posted - 2006.05.15 21:37:00 -
[21]
Originally by: Mus Muris
Edited by: Mus Muris on 15/05/2006 18:39:47
Edited by: Mus Muris on 15/05/2006 18:39:30
Originally by: Pang Grohl
Cause a master's degree gives you x-ray vision to see into the EVE DB
No... but it does allow anyone inside CCP with DB access to see them - and your username. Only takes a disgruntled employee to cause hassle. Also people use the same combinations elsewhere and this leaves them open if they do (which is why I don't!).
Whilst unlikely that there would be a problem it's fairly common practice to one-way-hash the passwords in the DB, then compare the hashed version. This is kind of security 101 and makes you worry about the rest of it! ;)
Originally by: Pang Grohl
CCP certainly never said that the passwords are stored as clear text, & I doubt they'd tell us how account passwords are stored anyway.
You can infer that by the fact that they were case-insensitve before. Change the case of letter and you would generally change the hash completely (e.g an MD5 or SHA1). Possible that the hash would just change case as well, but then it wouldn't be that secure anyway!
Speaking from experience, the has changes completely with even one letter changing case.
|
Traxman
|
Posted - 2006.05.16 09:53:00 -
[22]
Originally by: Pang Grohl
Cause a master's degree gives you x-ray vision to see into the EVE DB CCP certainly never said that the passwords are stored as clear text, & I doubt they'd tell us how account passwords are stored anyway.
Its very logic to me, i understand that you dont understand
it but then most ppl ask why/how it comes while the other
group flame instead - even if they really dont know and
dont even care about checking/asking how it works.
Ill explain to you again so you understand and can
stop flaming peaople with stupid comments.
Only way you want to use sensitiv case is when you want
to compare A again a since you know its a diffrent since
A has ascii 65 and a has ascii 97, so there is a diffrens.
So, if CCP had converted it into say md5 with basic rules
the string will end up as hex 0-9a-f and therefor dont
need to compare the string with case senstiv text since
the output will always be A or a as long as its written
as HEX.
So the above conclusion gives me that the text they are
stored are still clear text.
Before you even think of replying my text - go find some
hardcore facts you base your smack - else you just show
the rest of the eve community that you are one of thoose
smack don-key's around.
|
Pang Grohl
|
Posted - 2006.05.16 19:11:00 -
[23]
Originally by: Mus Muris
Edited by: Mus Muris on 15/05/2006 18:39:47
Edited by: Mus Muris on 15/05/2006 18:39:30
Originally by: Pang Grohl
Cause a master's degree gives you x-ray vision to see into the EVE DB
No... but it does allow anyone inside CCP with DB access to see them - and your username. Only takes a disgruntled employee to cause hassle. Also people use the same combinations elsewhere and this leaves them open if they do (which is why I don't!).
Ahhh... not the point I was making. You are absolutley correct, that if, the passwords are stored as clear text, there's a problem.
My point is that, knowledge of SQL doesn't mean knowledge of how CCP has implemented their SQL database.
Originally by: Mus Muris
Whilst unlikely that there would be a problem it's fairly common practice to one-way-hash the passwords in the DB, then compare the hashed version. This is kind of security 101 and makes you worry about the rest of it! ;)
Originally by: Pang Grohl
CCP certainly never said that the passwords are stored as clear text, & I doubt they'd tell us how account passwords are stored anyway.
You can infer that by the fact that they were case-insensitve before. Change the case of letter and you would generally change the hash completely (e.g an MD5 or SHA1). Possible that the hash would just change case as well, but then it wouldn't be that secure anyway!
Case-insensitivity does not preclude data from being encrypted. If the SQL database is case-insensitive, all of the hashes created by the database are case-insensitive. The same goes for all of the hashes created by queries to the database. Otherwise when the case sensitivity was lost, all of us cautious people with mixed case passwords would not have been unable to login.
Not having an SQL Master's Degree, I learned this by googling "Microsoft SQL password case sensitive".
Ideologically it would be incredibly dumb 1) for Microsoft to allow un-encrytped authentication credentials in their flagship database product 2) for CCP to use an un-encrypted authentication method in the database supporting their product. I doubt that either Microsoft or CCP would be doing things that dumb. (well at least CCP wouldn't be)
Forum: A place where ideas come to prove their worth.
|
|
Valar
|
Posted - 2006.05.17 13:14:00 -
[24]
The claim that passwords are stored in clear text in the database is not true. We also do not save them in a decryptable format.
------
Valar
Database admin - Server operations team
CCP Games
How to write a good bugreport |
|
Fink Angel
|
Posted - 2006.05.19 16:38:00 -
[25]
LOL these forums never cease to amaze me. Even something as simple as telling the users the sensetivity of passwords starts off an argument! 
|
Mus Muris
|
Posted - 2006.05.19 18:42:00 -
[26]
Thank you for the response 
However do note it wasn't a claim - it was a legitimate question
|
|
|
| |
|
| Pages: [1] :: one page |
| First page | Previous page | Next page | Last page |