Hompf Report post Posted August 27, 2012 Hello, I have not played EL in quite a while, and now i seem to have forgotten my password to log into the game. Is there any way of resetting the password? Thanks in advance, Hompf Quote Share this post Link to post Share on other sites
Usl Report post Posted August 27, 2012 You can request a password recovery service (which entails a $5 payment as administration fee) by contacting radu in-game, or Entropy in-forum. Either way, you might have to provide proof that you are the legitimate owner of the character, before the password is reset. This can be obtained from your logs, in some case, or by providing information that only the owner would know (e.g., where you last logged off, or what you had in storage/inventory, or a vague remembrance about the old password, etc.). Given that the Hompf character has pretty good attributes/levels, starting a new character is not an option, I'd say... Quote Share this post Link to post Share on other sites
Elke Report post Posted August 28, 2012 or a vague remembrance about the old password I severely hope that this single item from the things you mention does NOT hold true. Would be quite a blunder and unprofessional. Also admins must never be allowed to retrieve passwords - only to reset them. Quote Share this post Link to post Share on other sites
Devnul Report post Posted August 28, 2012 (edited) or a vague remembrance about the old password I severely hope that this single item from the things you mention does NOT hold true. Would be quite a blunder and unprofessional. Also admins must never be allowed to retrieve passwords - only to reset them. WTF?!?!? Are you (EL) storing passwords in plain text? Edited August 28, 2012 by Devnul Quote Share this post Link to post Share on other sites
Zaer Report post Posted August 28, 2012 I hope so it is very secure! Quote Share this post Link to post Share on other sites
Usl Report post Posted August 28, 2012 or a vague remembrance about the old password I severely hope that this single item from the things you mention does NOT hold true. Would be quite a blunder and unprofessional. Also admins must never be allowed to retrieve passwords - only to reset them. FYI, moderators can neither access nor retrieve nor reset passwords. Only radu can, and since he is the one writing the server code, it is rather immaterial whether he can see passwords or not - since he controls the code that does the authentication. Computer security is a serious discipline, don't be fooled by DOs and DON'Ts that may induce a false sense of security. The classic paper "Reflections on Trusting Trust" by Ken Thompson (originally published on Communications of the ACM, available at http://cm.bell-labs.com/who/ken/trust.html) might be worth a read. It is much safer to act on the assumption that the developer of the server where you are sending your credentials can at least intercept those credentials. That's why you should never re-use the same password on multiple systems. Having said this, I have no idea whether passwords are stored in plain text, or encrypted with some public key whose private key is jealously guarded by radu, or hashed with only hashes being stored, or encrypted with a random salt in the style of the original UNIX /etc/passwd (still used today in crytp() ), etc. But since the developer of the game (and owner of the server) has physical access to every bit of data pertaining to your character, whether the password is accessible to him or not is immaterial. The only risks that should be mitigated are (1) breach of server security, in which case the data your password is supposed to protect is exposed already, and (2) reuse of the same password on other sites/services, which can be mitigated (removed, really) by using a unique password for the EL server. Of course, the hosting service where the EL server runs also might have access to your bits, as well as your ISP and other intermediary providers, and of course the NSA, the CIA, the FBI, the Iranian Government, the Mossad, the Chinese firm who assembled your router, etc. Security is a matter of deciding who you trust, not of being safe :-) Having said this, I totally agree that storing/transmitting encrypted passwords is a better practice than storing/transmitting plaintext. But you do realize that having a working proxy is indistinguishable from having a men-in-the-middle attack... Quote Share this post Link to post Share on other sites
Hompf Report post Posted August 28, 2012 Fortunately i remembered my password. I am glad though to have sparked an interesting discussion Thanks for answering my question and elaborating on the issue Usl! Hompf. Quote Share this post Link to post Share on other sites
hussam Report post Posted August 28, 2012 well log on already Quote Share this post Link to post Share on other sites
Usl Report post Posted August 28, 2012 Fortunately i remembered my password. I am glad though to have sparked an interesting discussion Thanks for answering my question and elaborating on the issue Usl! Hompf. That's the best possible outcome! Quote Share this post Link to post Share on other sites