JOURNAL FOR WEDNESDAY 12TH JUNE, 2013
______________________________________________________________________________

SUBJECT: Name? Password? Welcome...
   DATE: Wed 12 Jun 23:08:30 BST 2013

Last night I started work on player accounts and logging in. By the time I
finished I had a hand-written player save file - recordjar can only read .wrj
files at the moment - and I could actually log in successfully.

At the moment the sample player file looks like:

      Name: Diddymus
      Salt: biag4ooD
  Password: c63d9a92aa7043db07567f481fbce5dfc0ca679a7de2e451011676051e8d5e73
            43af2c42af8096bcaf54beb5c381aa39fa84d8e5af9caa6b6a64a9aceaf25cc0

The password used is a salted[1] SHA-512 hash and is easy to create on the
command line:

  echo -n "<salt><password>" | sha512sum

The long password hash itself can be split over multiple lines, which makes
hand editing easier. For example the above could also be written as:

      Name: Diddymus
      Salt: biag4ooD
  Password: c63d9a92aa7043db
            07567f481fbce5df
            c0ca679a7de2e451
            011676051e8d5e73
            43af2c42af8096bc
            af54beb5c381aa39
            fa84d8e5af9caa6b
            6a64a9aceaf25cc0

The actual logging in process was quite straightforward, mainly due to the
fact that I had already written the client in anticipation of interchangeable
parsers. From the client code comments:

  // The idea here is to have a client that can talk to any parser. The parser
  // can be anything from a login, a menu system, a mini chat system or an
  // actual player session. A typical example usage might be connect and
  // attach to a login parser, once you get a successful login detach the
  // login parser and connect a player parser.

That is exactly what I did - I just implemented a login parser. I think I
spent more time getting the crypto and password validation working than I did
on the new parser!

So this evening I've been cleaning up the new code and sorting out a few
niggles. Still more to go but getting there quite nicely and in the process
I've had to tidy up some of the client package code as well.

One thing I was considering - and would welcome some feedback on - was using
something like email and password for logging in. Why? Well the details for
logging in need to be unique. Using email and password instead of character
name and password means character names do not need to be unique. After all
how many John Smiths are there?

So what do you think? Should character names be unique or should players
differentiate themselves by gender, races, classes and equipment worn - maybe
tattoos, scars, eye/hair colour as well? What do you think? Comments to
diddymus@wolfmud.org please.

--
Diddymus

  [1] Makes pre-computed rainbow tables useless and is good practice.
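
Added example (not WolfMUD's own code): Go code that checks a login against a record like the one shown above, hashing salt plus password with SHA-512, accepting a hash split over several lines, and comparing in constant time. The function names and the rule that a line without a colon continues the previous field are assumptions, and the sample record in main is constructed.

```go
package main

import (
	"crypto/sha512"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

// HashPassword returns hex(SHA-512(salt + password)), the value printed by
// echo -n "<salt><password>" | sha512sum
func HashPassword(salt, password string) string {
	sum := sha512.Sum512([]byte(salt + password))
	return hex.EncodeToString(sum[:])
}

// ParseRecord reads "Field: value" lines into a map.
// Assumption: a non-empty line without a colon continues the previous field.
func ParseRecord(text string) map[string]string {
	rec, last := map[string]string{}, ""
	for _, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		if name, value, ok := strings.Cut(line, ":"); ok {
			last = strings.TrimSpace(name)
			rec[last] = strings.TrimSpace(value)
		} else if line != "" && last != "" {
			rec[last] += " " + line
		}
	}
	return rec
}

// Verify strips all whitespace from the stored hash, rejects anything that is
// not 64 bytes of hex, and compares without leaking how many bytes matched.
func Verify(rec map[string]string, password string) bool {
	stored, err := hex.DecodeString(strings.Join(strings.Fields(rec["Password"]), ""))
	if err != nil || len(stored) != sha512.Size {
		return false
	}
	sum := sha512.Sum512([]byte(rec["Salt"] + password))
	return subtle.ConstantTimeCompare(stored, sum[:]) == 1
}

func main() {
	h := HashPassword("s4mpleSalt", "correct horse") // constructed sample values
	rec := ParseRecord("Name: Example\nSalt: s4mpleSalt\nPassword: " + h[:64] + "\n  " + h[64:96] + " " + h[96:])
	fmt.Println(Verify(rec, "correct horse"), Verify(rec, "wrong guess")) // true false
}
```

This mirrors the single-round salted SHA-512 scheme described in the entry; a deliberately slow password hash such as bcrypt, scrypt or Argon2 would replace only the hashing step.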