If you've been around lately you may have noticed a lot of threads discussing password protection and an open source code release for Zelda Classic and its editor ZQuest.

This poll is to try and collect the raw numbers about passwords and their use in QST files.


Here are the facts:
1.) There IS a program available (somewhere) that lets anyone replace the hash of a password with the hash of a blank in the quest file, allowing anyone to open even protected quests.

2.) All of ZQuest's developers are on board with the removal of the password system, as it will streamline the release of the source code.

3.) There is an exploit that allows users to indirectly edit quests by abusing file names.

4.) AGN staff took the position that password protection was made available and should remain for the benefit of the community. However, due to 1 and 3 above, the only real protection for quests and their content is our connection as a community and our ability to shun users that misappropriate the work of others.


So... please select one of the poll options (if you use ZQuest to make custom games). You may elaborate in a reply if you so choose.


EDIT:
Quote Originally Posted by SUCCESSOR View Post
Okay there is some misinformation in this thread. The idea that we have to remove passwords to release the source is silly. Encryption can stay in. Yes someone can simply fork the code to bypass it, just as they can fork the code anyway, just like they can write a [really] simple script to overwrite password hashes. But for most people the main branch will still be just as password protected as it is now.

The AGN staff never agreed on any position on this topic. AGN staff and ZC Devs agreed that the community was not okay with releasing the code as is and that we should do whatever we can to protect quest encryption(an idea that has always been a catch 22). I have always supported releasing the code as is. Quest protection has never been secure and it has always been a bare minimum deterrent. If passwords were gone it would hardly change a thing, except maybe more people fixing bugs on their own to keep playing. Passwords can stay just stop pretending we are doing any service by removing the encryption code and delaying development. They will continue to serve bare minimum deterrent.

Just about any idea for reworking quest protection has been discussed and rule as easily bypass-able. The only thing that would be an improvement would be to make quests self contained games completely changing how the software(and community sharing) works.
I was under the impression that we had agreed that password protection would stay as a service to the community (as there was already the expectation that it was there). In the creation of this thread I may have paraphrased some of the issues incorrectly because I don't really understand file encryption, but it was never my intent to misinform anyone.
SUCCESSOR knows what's going on, though, so you should give his words more weight than mine.