Eggdrop not encrypting passwds?

[Nimo]

When I checked the userfile for one of my eggdrops I noticed that many of the passwords wasn't encrypted. It seemed like only the passwds that had been set via '.newpass' or '/msg bot pass' were encrypted, the passwds automatically setted by the bots when they link together were not either encrypted.
Passwds set via '.chpass' also seems to get unencrypted.

And yes, blowfish is loaded, so that's not the error.


What is causing this?


(I'm using eggdrop 1.6.13 and 1.6.15)

//Nimo

[ppslim]

First off, the bots passwords are encrypted, however, you are forgetting that the bots would need to know the unencrypted versions for them to match

Instead, they use MD5 hashes mixed with key data to determine if they match.

So don't worry about that.

The other issue is more worrying however.

Does this only apply to bots, or if a user changes there password too?

[Nimo]

First off, the bots passwords are encrypted, however, you are forgetting that the bots would need to know the unencrypted versions for them to match

Instead, they use MD5 hashes mixed with key data to determine if they match.

So don't worry about that.

The other issue is more worrying however.

Does this only apply to bots, or if a user changes there password too?

I think you missunderstood me about the bot-passwords, what I meaned was the password the bots set when they link to each other for the first time if they not already has a password set with '.chpass botname blahblah'.


It seems like it's just some handles that were added long time ago that never gets their password encrypted (no matter how they are changed), if I add a new user and sets a password it works and gets encrypted. It's just some handles that it seems like I will have to remove and then add again to get it working.

[De Kus]

check exact which accounts have an unencrypted password. in my user file all accounts have encrypted passwords except bot 'user' records, they have generally unencrypted passwords.