quote:
As for avoiding my server. Please do. Saves me the trouble of locking you out for complaining too much and leaving little presents all around the game that annoy the other players. Yes, got your number already. already locked a couple out that do exactly what you are doing now. It annoys the players, takes away from the game.

JP is in our crowd as well and has already nixed most or your ideas. Yes, I understand what is going on much better than you do now. Hopefully, you will catch on someday and stop this nonsense.


I still have no idea what you are talking about and what this has to do with game passwords.

Pretty sad if you lock people out simply for complaining, or dropping "presents" whatever the hell those are. I'm guessing whatever you are talking about though doesn't annoy me, and it doesn't annoy a lot of other people either. It's part of the game. All I see is you trying to run your little server with an iron fist with 10 million rules because it makes you feel big and important that way.

And whatever you are talking about regarding JP nixing my ideas, not sure what that means either. What ideas have I had besides this one and which ones has he nixed?

You and him must be pretty close for you to be able to speak for him.

Okay, I think the topic has gone from a good suggestion for a feature change in TWGS to silly ad hominem attacks.

Yes, I said it's a good suggestion, even though I don't see any need for such a change. There's a couple things I'd like to point out regarding encrypting passwords.

1) Telnet is not a secure connection so you won't -actually- have encrypted passwords. Anyone on the server side or anywhere in between monitoring the connection will still be able to see the characters you type in during password verification.

2) Although the number of standalone TWGS are greater than TWGS sitting behind BBSes, in situations like uhndagrowhn, password encryption would not save you from the sysop having access to the password you type during login since keystroke logging can be enabled.

3) Unless you want to get -really- high tech regarding the encryption algorithm, almost anyone with decent computer skills will be able to crack it sooner or later. An example is EleqTrizi'T breaking the ZOC script encryption routine in under a day. And there's no sense in getting too high-tech for a ANSI based text game.

4) People have been asking why a ServOp needs access to a players password. Like I said in an earlier post, I don't have any strong answers why I need access to a password. On the other hand, I haven't heard any strong reasons why I shouldn't have access to a password.

Either way, it's really no skin off my nose since I rarely ever even open the TWGS window, let alone use TEDIT, except when banging new games. Other than game rebangs, the system is left untouched. (The server doesn't even have a monitor, keyboard or mouse attached... it's all handled through a VNC connection.)

Anywho, that's some of my thoughts regarding password encryption.


Lisa M. Wilson
aka Rave
uhndagrowhn bbs

uhndagrowhn bbs
telnet://uhndagrowhn.merseine.nu

quote:
Okay, I think the topic has gone from a good suggestion for a feature change in TWGS to silly ad hominem attacks.
Anywho, that's some of my thoughts regarding password encryption.


Couldnt that have been enough? .. lol
I think this topic should be closed.. Dhunt and Survey seem to dislike each other .. Survey is a new style player and understands that 1 mine and 1 def fig in a sector isnt an annoyance .. it's a style .. dhunt just remembers the day where everyone built for 6 months .. the one with the most exp won ..
noone ever killed anyone .. still .. they shouldnt be bitching at each other ....

as for your comments rave .. yea I think we all have the knowledge to watch the keystrokes .. but on most systems .. you'll not be able to see the letters because the system is fast enough to change the txt .. I dont think the problem is encryption .. the problem is keeping your password safe .. if player x wants to use 1 password for EVERY game he plays .. then he should be allowed to do that with 20 or 30 ops eventually having access to look at it .. There are ops out there that would use this data .... I think it does actually come under illegal grounds .. but taht's another story .. just remove the password .. let it be reset to a password of the ops choice ..and that'll make most ppl feel better .. becase it's local it would be easy for a op to hack the account anways .. and the player will never know .. but ...
end of story ..
********


<<Doctor Who>>

Just for the record i do not drop mines in open space unless I really dislike someone.

And if mines and figs everywhere bothers people then maybe John needs to think about taking the grimy trader out of the game. It doesn't take a script to grimy someone and then go photon them. People don't drop figs to be annoying, they drop them so they won't be killed. If a server does not allow this then I see a potential problem.

bitching = arguing. We like each other... seriously. We just happen to disagree on almost every part of this game except the fact we both enjoy playing it.

quote:1) Telnet is not a secure connection so you won't -actually- have encrypted passwords. Anyone on the server side or anywhere in between monitoring the connection will still be able to see the characters you type in during password verification.

Good point.

quote:2) Although the number of standalone TWGS are greater than TWGS sitting behind BBSes, in situations like uhndagrowhn, password encryption would not save you from the sysop having access to the password you type during login since keystroke logging can be enabled.

Again, good point.

quote:3) Unless you want to get -really- high tech regarding the encryption algorithm, almost anyone with decent computer skills will be able to crack it sooner or later. An example is EleqTrizi'T breaking the ZOC script encryption routine in under a day. And there's no sense in getting too high-tech for a ANSI based text game.

True, but just the presence of the encryption is enough to stop the regular password stealin kind...

quote:4) People have been asking why a ServOp needs access to a players password. Like I said in an earlier post, I don't have any strong answers why I need access to a password. On the other hand, I haven't heard any strong reasons why I shouldn't have access to a password.

You're right. But personally, I'd rather not have access (as a servop and a gamer) to other passwords. I don't feel comfortable with that information being available...

--------------------------
~~ XenoPhage ~~
--------------------------

quote:
Just for the record i do not drop mines in open space unless I really dislike someone.

And if mines and figs everywhere bothers people then maybe John needs to think about taking the grimy trader out of the game. It doesn't take a script to grimy someone and then go photon them. People don't drop figs to be annoying, they drop them so they won't be killed. If a server does not allow this then I see a potential problem.

bitching = arguing. We like each other... seriously. We just happen to disagree on almost every part of this game except the fact we both enjoy playing it.




On that I can agree with. Nothing personal as long as it don't get personal


Visit slbbs.com port 2002 for a rip roaring game of TW where you also have to battle the Klingons, Romulans, Orians and the Borg.

Who cares!! I've just sit here and read some of the most useless stuff ever. This game is OLD, if you want to play it you need to deal with certain things. one in this case is the passwords being available to the sysop. This game was written when people dialed up with 1200 bps modems for 20 minutes to play games and write posts, not when we all went online to pay bills and checked checking account balances. If you buy an old house you will have problems, there will be certain things that you will not have just because it was designed for a different techno era. I dont mind it, I use different passwords, if you are playing 4000 different games, first of all you need a life, then you need to take responsibility to make sure you have made your password as secure as you can possibly make it. Someone hosting a game on telnet does not care about 100 percent security, they are hosting the game because they know you love it and they equally love it. They want you to enjoy something from the past. Can't we all just get along!

Why are you replying to a post thats over a year old??

LOL

I realize the last real post on this topic is over a year old, but I'm chiming in anyway. Putting aside all the arguments on various things, the main question seems to be: Why would a sysop need to see users' passwords?

Personally, I find it fairly useful in checking for dupes. Chances are (again, 'chances') that dupes will use the same password on their multiple accounts to avoid confusion, or because they're too lazy to actually write down the different passwords (after all, if they WEREN'T lazy they would probably play in a more honest fashion).

Naturally, this would be a VERY daunting task (read: no way in hell) if you have a large number of users; and yes I take into account whether or not the password is simple enough for another legitimate player to have actually chosen it.

When the day comes that I have too many users to use this method...it won't matter to me how the passwords are stored.