
Passwords?

Started by FrOzeN, January 04, 2006, 11:46 PM


FrOzeN

#15
Username: AnX)Ghost(15@Lordaeron
Password: *MyndFyre removed to stop breaking tables*
Length of Password: 1016

Maybe there isn't even a limit? Strange huh. :-\

[EDIT] I assumed it was 12 characters because of the TextBox (?) limit when typing in a password using StarCraft/BroodWar (The actual game, not a bot).

Sorry for table breakage, oh well.
~ FrOzeN

UserLoser

#16
Quote from: FrOzeN on January 06, 2006, 12:50 AM
Username: AnX)Ghost(15@Lordaeron
Password: *MyndFyre removed to stop breaking tables*
Length of Password: 1016

Maybe there isn't even a limit? Strange huh. :-\

I thought this was already covered: there's no limit because it's sent as a 32 byte hash.

FrOzeN

Eh, I didn't realise that.

Could this be a way to flood Battle.net. By sending immensely oversized passwords rapidly? :P
~ FrOzeN

MyndFyre

Quote from: UserLoser on January 06, 2006, 12:52 AM
Quote from: FrOzeN on January 06, 2006, 12:50 AM
Username: AnX)Ghost(15@Lordaeron
Password: *removed because of table breaking*
Length of Password: 1016

Maybe there isn't even a limit? Strange huh. :-\

I thought this was already covered: there's no limit because it's sent as a 32 byte hash.
*20-byte.  SHA-1 is 160 bit whether it's SHA-1 or X-SHA-1.  Interleaved SHA found in SRP generates a 320-bit hash (40-byte).

What is it the rest of you don't understand about this?  The plaintext password is never sent to Battle.net.
Quote: Every generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

UserLoser

Quote from: FrOzeN on January 06, 2006, 12:53 AM
Eh, I didn't realise that.

Could this be a way to flood Battle.net. By sending immensely oversized passwords rapidly? :P

Your password is run through a one-way hash function.  This hash function returns a 20 byte output.  The 20 byte output is received by the server.  Size of the password doesn't matter.  You can have a blank password if you really wanted to

MyndFyre

Quote from: UserLoser on January 06, 2006, 01:32 AM
You can have a blank password if you really wanted to
Since the hash output of SHA-1ing no data is always the same, I wonder if Bnet would notice.

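Added example, not part of the original thread: it shows why a server that receives only a fixed-size digest cannot see the password's length, and how it could still notice a blank password, as discussed in the two posts above. It uses standard SHA-1 from Python's `hashlib` as a stand-in (Battle.net's X-SHA-1 variant and its logon packet layout are not reproduced), and the function names and denylist are hypothetical.

```python
import hashlib
import hmac

DIGEST_LEN = 20  # SHA-1 output size in bytes (160 bits), as stated in the thread

# Constructed sample denylist; a real service would load its own list.
WEAK_PASSWORDS = ["", "password", "123456"]


def client_digest(password: str) -> bytes:
    """What the client transmits instead of the plaintext (standard SHA-1 stand-in)."""
    return hashlib.sha1(password.encode("utf-8")).digest()


# Precomputed digests of the weak candidates, including the empty password.
WEAK_DIGESTS = [client_digest(p) for p in WEAK_PASSWORDS]


def server_accepts(field: bytes) -> tuple:
    """Hypothetical server-side check on the received password field.

    The server never sees the plaintext, so it cannot enforce a length
    policy; it can only validate the field size and compare digests.
    """
    if len(field) != DIGEST_LEN:
        # Anything that is not exactly one digest is rejected outright,
        # so an oversized password never becomes an oversized message.
        return (False, "bad length")
    for weak in WEAK_DIGESTS:
        if hmac.compare_digest(field, weak):
            return (False, "known weak password")
    return (True, "ok")


if __name__ == "__main__":
    long_pw = "a" * 1016  # same length as the password mentioned in the thread
    for label, pw in [("1016 chars", long_pw), ("blank", "")]:
        d = client_digest(pw)
        print(label, len(d), d.hex(), server_accepts(d))
```

The denylist comparison works only because the digest here is unsalted, so equal passwords always produce equal digests.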
Newby

Quote from: UserLoser on January 06, 2006, 01:32 AM
Size of the password doesn't matter.

Can you elaborate as to why the length of a password in the Warcraft III game client is limited to 12 characters?
- Newby

Quote:
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

Quote:
<TehUser> Man, I can't get Xorg to work properly.  This sucks.
<torque> you should probably kill yourself
<TehUser> I think I will.  Thanks, torque.

Eric

Quote from: Newby on January 06, 2006, 06:28 PM
Quote from: UserLoser on January 06, 2006, 01:32 AM
Size of the password doesn't matter.

Can you elaborate as to why the length of a password in the Warcraft III game client is limited to 12 characters?

To help keep people from forgetting an incredibly long password?

Newby

Quote from: Lord[nK] on January 06, 2006, 06:49 PM
Quote from: Newby on January 06, 2006, 06:28 PM
Quote from: UserLoser on January 06, 2006, 01:32 AM
Size of the password doesn't matter.

Can you elaborate as to why the length of a password in the Warcraft III game client is limited to 12 characters?

To help keep people from forgetting an incredibly long password?

That's why there is password recovery.
- Newby


Joe[x86]

Quote from: Newby on January 06, 2006, 09:49 PM
Quote from: Lord[nK] on January 06, 2006, 06:49 PM
Quote from: Newby on January 06, 2006, 06:28 PM
Quote from: UserLoser on January 06, 2006, 01:32 AM
Size of the password doesn't matter.

Can you elaborate as to why the length of a password in the Warcraft III game client is limited to 12 characters?

To help keep people from forgetting an incredibly long password?

That's why there is password recovery.

Eh, and then someone "forgets" their password a lot and this happens.
Quote from: brew on April 25, 2007, 07:33 PM
that made me feel like a total idiot. this entire thing was useless.

Newby

Quote from: Joe on January 06, 2006, 10:37 PM
Eh, and then someone "forgets" their password a lot and this happens.

There's a massive difference between a DDoS (if you're saying there are lots of "someone"'s who manage to forget their password) and someone simply asking for the password recovery e-mail to be sent to their machine. One copy is enough, really.
- Newby


Joe[x86]

How do you know that he didn't post on his blog, asking a lot of "someones" to intentionally "forget" their password at a specific time, and request an account recovery email?

Newby

Quote from: Joe on January 07, 2006, 03:39 PM
How do you know that he didn't post on his blog, asking a lot of "someones" to intentionally "forget" their password at a specific time, and request an account recovery email?

There are much easier ways to DDoS a server.
- Newby
