Passwords?

[FrOzeN]

Username: AnX)Ghost(15@Lordaeron
Password: *MyndFyre removed to stop breaking tables*
Length of Password: 1016

Maybe there isn't even a limit? Strange huh.

[EDIT] I assumed it was 12 characters because of the TextBox (?) limit when typing in a password using StarCraft/BroodWar (The actual game, not a bot).

Sorry for table breakage, oh well.

[UserLoser]

Username: AnX)Ghost(15@Lordaeron
Password: *MyndFyre removed to stop breaking tables*
Length of Password: 1016

Maybe there isn't even a limit? Strange huh.

I thought this was already covered: there's no limit because it's sent as a 32 byte hash.

[FrOzeN]

Eh, I didn't realise that.

Could this be a way to flood Battle.net. By sending immensely oversized passwords rapidly?

[MyndFyre]

Username: AnX)Ghost(15@Lordaeron
Password: *removed because of table breaking*
Length of Password: 1016

Maybe there isn't even a limit? Strange huh.

I thought this was already covered: there's no limit because it's sent as a 32 byte hash.

*20-byte.  SHA-1 is 160 bit whether it's SHA-1 or X-SHA-1.  Interleaved SHA found in SRP generates a 320-bit hash (40-byte).

What is it the rest of you don't understand about this?  The plaintext password is never sent to Battle.net.

[UserLoser]

Eh, I didn't realise that.

Could this be a way to flood Battle.net. By sending immensely oversized passwords rapidly?

Your passwords is ran through a one-way hash function.  This hash function returns a 20 byte output.  The 20 byte output is recieved by server.  Size of the password doesn't matter.  You can have a blank password if you really wanted to

[MyndFyre]

You can have a blank password if you really wanted to

Since the hash output of SHA-1ing no data is always the same, I wonder if Bnet would notice.

[Newby]

Size of the password doesn't matter.

Can you elaborate as to why the length of a password in the Warcraft III game client is limited to 12 characters?

[Eric]

Size of the password doesn't matter.

Can you elaborate as to why the length of a password in the Warcraft III game client is limited to 12 characters?

To help keep people from forgetting an incredibly long password?

[Newby]

Size of the password doesn't matter.

Can you elaborate as to why the length of a password in the Warcraft III game client is limited to 12 characters?

To help keep people from forgetting an incredibly long password?

That's why there is password recovery.

[Joe[x86]]

Size of the password doesn't matter.

Can you elaborate as to why the length of a password in the Warcraft III game client is limited to 12 characters?

To help keep people from forgetting an incredibly long password?

That's why there is password recovery.

Eh, and then someone "forgets" their password a lot and this happens.

[Newby]

Eh, and then someone "forgets" their password a lot and this happens.

There's a massive difference between a DDoS (if you're saying there are lots of "someone"'s who manage to forget their password) and someone simply asking for the password recovery e-mail to be sent to their machine. One copy is enough, really.

[Joe[x86]]

How do you know that he didn't post on his blog, asking a lot of "someones" to intentionally "forget" their password at a specific time, and request an account recovery email?

[Newby]

How do you know that he didn't post on his blog, asking a lot of "someones" to intentionally "forget" their password at a specific time, and request an account recovery email?

There are much easier ways to DDoS a server.