
                    JOURNAL FOR WEDNESDAY 12TH JUNE, 2013
______________________________________________________________________________

SUBJECT: Name? Password? Welcome...
   DATE: Wed 12 Jun 23:08:30 BST 2013

Last night I started work on player accounts and logging in. By the time I
finished I had a handwritten player save file - recordjar can only read .wrj
files at the moment - and I could actually log in successfully. At the moment
the sample player file looks like:


      Name: Diddymus
      Salt: biag4ooD
  Password: c63d9a92aa7043db07567f481fbce5dfc0ca679a7de2e451011676051e8d5e73
            43af2c42af8096bcaf54beb5c381aa39fa84d8e5af9caa6b6a64a9aceaf25cc0


The password used is a salted[1] SHA-512 hash and is easy to create on the
command line:


  echo -n "<salt><password>" | sha512sum


The long password hash itself can be split over multiple lines, which makes
hand editing easier. For example the above could also be written as:


      Name: Diddymus
      Salt: biag4ooD
  Password: c63d9a92aa7043db
            07567f481fbce5df
            c0ca679a7de2e451
            011676051e8d5e73
            43af2c42af8096bc
            af54beb5c381aa39
            fa84d8e5af9caa6b
            6a64a9aceaf25cc0


The actual logging in process was quite straightforward, mainly due to the
fact that I had already written the client in anticipation of interchangeable
parsers. From the client code comments:


  // The idea here is to have a client that can talk to any parser. The parser
  // can be anything from a login, a menu system, a mini chat system or an
  // actual player session. A typical example usage might be connect and
  // attach to a login parser, once you get a successful login detach the
  // login parser and connect a player parser.


That is exactly what I did - I just implemented a login parser. I think I
spent more time getting the crypto and password validation working than I did
on the new parser!

So this evening I've been cleaning up the new code and sorting out a few
niggles. Still more to go but getting there quite nicely and in the process
I've had to tidy up some of the client package code as well.

One thing I was considering - and would welcome some feedback on - was using
something like email and password for logging in. Why? Well the details for
logging in need to be unique. Using email and password instead of character
name and password means character names do not need to be unique. After all
how many John Smiths are there? So what do you think? Should character names
be unique or should players differentiate themselves by gender, races, classes
and equipment worn - maybe tattoos, scars, eye/hair colour as well?

What do you think? Comments to diddymus@wolfmud.org please.

--
Diddymus

  [1] Makes pre-computed rainbow tables useless and is good practice.

