View Full Version : Quest PW / Encryption Docs: Should it be available witht he souces?
ZoriaRPG
02-28-2017, 10:41 AM
Is there any present reason that I should not make the questfile password and encryption docs and PW clearing utility + source available?
DarkDragon
02-28-2017, 01:05 PM
For a while quest authors were very concerned about third parties "ripping off" their quest designs or tilesets, and felt strongly that it should not be too easy to strip passwords from quests.
Of course these days it is not difficult for anyone with some programming experience to compile ZC with password-checking disabled. That said, there is still some merit to leaving up a barrier (no matter how small) to people casually breaking into password-protected quests; ask on Pure, maybe?
ZoriaRPG
03-02-2017, 06:33 AM
Well, I know that there are always going to be people on Pure who live in a world where our idiotic hash system seems legitimate. This is primarily useful to questmakers who lose their passwords, developers and contributors who may need to examine quests; and anyone who wants to understand how the pw system works.
_Mitch made a decrypt utility at my request--with no source access--to help prove my point on that a little over a year ago. Along with that is his documentation on how the passwords work. I was considering supplying that documentation with the source. The decrypt tool as a binary, need not be distributed,. but we could include its source code, perhaps with some clean-up.
I could make a ZC base that ignores the password, of course, and if I wanted, I could make a new PW mechanism, but I wouldn't do that. All of this asset protection argument is just madness, in my eyes. Most of these people want to protect assets that aren't even their own, such as rips of commercial games, or modified rips. Madness.
I posted a link to the PW ZIP archive in the Skype chat, if you want to look through the files.
DarkDragon
03-08-2017, 05:23 AM
I agree that protecting quests today with passwords doesn't make much sense. But I think the people with the most reason to be upset are those who created quests protected by a password in the past, under the assumption that the quest would stay secure into the future.
ZoriaRPG
03-09-2017, 05:52 PM
I agree that protecting quests today with passwords doesn't make much sense. But I think the people with the most reason to be upset are those who created quests protected by a password in the past, under the assumption that the quest would stay secure into the future.
I understand. In the user community, this type of topic always devolves into a circular debate. I brought this up, because I just had a user support issue with a lost password. I was able to strip the password on one quest for the user, but the other file that he sent was seemingly corrupt (and only 176KB in size, which seems too small even for 1.84). I am mostly concerned with legacy user support, so that when quest authors who made quests with passwords want to go back and edit them, using a copy from the database, they can without needing to ask one of us to wipe the file.
I also do not have docs on password schemes for 1.90 or earlier, nor do I feel inclined to do cryptology on such old files just to improve the wiping tool to support them, so it is limited to 1.92 and later. You might want to go over it and if you still have files that relate to < 1.92 ZC versions, add in a routine to wipe those. ::shrug::
I'm still trying to schedule a week to work on ZC things this month, and it's a brutal time for me.
Eternal_Zunder
01-17-2018, 03:28 PM
Yeah I know I'm necro-ing this thread, so I'm sorry about that. About once a year or so I come back on to see if this "debate" has finally been solved. Zoria, are you aware that I also created a password scrubber as a single file python script and released it March 2015? I'm not going to link to it, but that's kind of pointless since you can find it with google REALLY easily. Is there currently a consensus on officially releasing a password scrubber?
Powered by vBulletin® Version 4.2.5 Copyright © 2024 vBulletin Solutions Inc. All rights reserved.