dont release PASSWORDS


by shakey1 » Wed Apr 06, 2016 10:19 pm

"we will be releasing the source code, and anonymized players data (encrypting personal account data)"
Last edited by shakey1 on Wed Apr 06, 2016 10:41 pm, edited 2 times in total.
Divana - Druid <AKA the Bomb>
<Infamous> Officer
shakey1
Private
 

Re: dont release PASSWORDS

by Slyox » Wed Apr 06, 2016 10:22 pm

Passwords are saved as hashcodes; even if I had your hashcode of the passcode, I couldn't log in. Get down mate.
Slyox
Tester
 

Re: dont release PASSWORDS

by Elu » Wed Apr 06, 2016 11:49 pm

But it does let people try to bruteforce passwords.

I hope they at least remove the emails, because I'm sure a lot of people are stupid enough to use the same password for their emails and nost accs.
Elu
Grunt
 

Re: dont release PASSWORDS

by r00ty » Wed Apr 06, 2016 11:54 pm

Probably the best way to make it possible to recover accounts without giving away anything useful would be to only supply account id (to connect to character DB), hash of account name and hash of email address. No password hashed or otherwise.

That way, someone picking up the database could offer a form where a player enters their login name, and email address. The hash for both would match only one record. They could then build a new real record with the entered data (after email verification of course) and set a new password.

That's one way at any rate, which would preserve anonymity but provide a way to recover your account.

The character database would need to be clear text, so you could link characters to a single account. Actually that could be "kinda" anonymized I guess.

At any rate, provided they do it right, they CAN make your data recoverable without even disclosing your password hash. So, sit easy :)
Casual and proud.
r00ty
Sergeant
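
The release-and-reclaim scheme r00ty describes above, sketched as an added example (not part of the original thread and not Nostalrius code). Assumptions: PBKDF2 with a public per-release salt stands in for the unspecified "hash", identifiers are lowercased before hashing, and all names and sample records are constructed.

```python
import hashlib
import hmac

# Assumptions (not from the thread): public per-release salt and work factor.
RELEASE_SALT = b"constructed-release-salt"
ITERATIONS = 100_000


def blind(value: str) -> str:
    """Slow, salted hash of a normalized identifier (login name or email)."""
    norm = value.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", norm, RELEASE_SALT, ITERATIONS).hex()


def anonymize(accounts):
    """Released table: account id plus blinded name and email, nothing else."""
    return [
        {"id": a["id"], "name_h": blind(a["name"]), "email_h": blind(a["email"])}
        for a in accounts
    ]


def claim(released, name, email):
    """Return the account id only if both hashes match exactly one record."""
    name_h, email_h = blind(name), blind(email)
    hits = [
        r["id"]
        for r in released
        if hmac.compare_digest(r["name_h"], name_h)
        and hmac.compare_digest(r["email_h"], email_h)
    ]
    return hits[0] if len(hits) == 1 else None


# Constructed sample of the private account table; pw_hash is never copied out.
ORIGINAL = [
    {"id": 101, "name": "ALICE", "email": "alice@example.com", "pw_hash": "x"},
    {"id": 102, "name": "BOB", "email": "bob@example.org", "pw_hash": "y"},
]
RELEASED = anonymize(ORIGINAL)

if __name__ == "__main__":
    print(claim(RELEASED, "alice", " Alice@Example.com "))  # matching pair
    print(claim(RELEASED, "alice", "bob@example.org"))      # mismatched pair
```

A successful `claim` only identifies the record; the new operator would still verify the email address before letting the player set a new password, as the post says.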
 

Re: dont release PASSWORDS

by Plask » Thu Apr 07, 2016 12:03 am

Slyox wrote: Passwords are saved as hashcodes; even if I had your hashcode of the passcode, I couldn't log in. Get down mate.

Passwords under 8 digits without special chars are fairly easy to bruteforce
Sidesprang wrote:Defcap is overrated at current state of the game.
Plask
Sergeant Major
 

Re: dont release PASSWORDS

by r00ty » Thu Apr 07, 2016 12:07 am

Plask wrote:
Slyox wrote: Passwords are saved as hashcodes; even if I had your hashcode of the passcode, I couldn't log in. Get down mate.

Passwords under 8 digits without special chars are fairly easy to bruteforce

Yeah, it's made worse by the fact that passwords aren't case sensitive for Blizzard logins.
Casual and proud.
r00ty
Sergeant
 

Re: dont release PASSWORDS

by Plask » Thu Apr 07, 2016 12:20 am

r00ty wrote:
Plask wrote:
Slyox wrote: Passwords are saved as hashcodes; even if I had your hashcode of the passcode, I couldn't log in. Get down mate.

Passwords under 8 digits without special chars are fairly easy to bruteforce

Yeah, it's made worse by the fact that passwords aren't case sensitive for Blizzard logins.

If the pws are just hashed I will brute my friends' pws and fuck with them for fun. Srs note though, some ppl have the same pw for EVERYTHING. I'm happy I don't.
Sidesprang wrote:Defcap is overrated at current state of the game.
Plask
Sergeant Major
 

Re: dont release PASSWORDS

by Snagprophet » Thu Apr 07, 2016 1:49 am

This is why I use different passwords on here, that I wouldn't use on email or Facebook etc. I don't mind if I lose a vanilla account but I'd hate to have everything else compromised.
Snagprophet
Grunt
 

Re: dont release PASSWORDS

by Aslan » Thu Apr 07, 2016 1:55 am

What about previous passwords that were changed to new ones?
Scar - Endurance
Aslan - The tales of a Shaman...
Raid streams; As soon as the lag is adjusted (rip)
http://www.twitch.tv/scarnostalrius
Aslan
Stone Guard
 

Re: dont release PASSWORDS

by Codeine » Thu Apr 07, 2016 2:23 am

Passwords in the database are encrypted, or they should be.
Codeine
Sergeant Major
 

