This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.


For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

Eggdrop not encrypting passwds?

Old posts that have not been replied to for several years.
Locked
N
Nimo
Voice
Posts: 11
Joined: Sun May 04, 2003 8:29 am

Eggdrop not encrypting passwds?

Post by Nimo »

When I checked the userfile for one of my eggdrops I noticed that many of the passwords wasn't encrypted. It seemed like only the passwds that had been set via '.newpass' or '/msg bot pass' were encrypted, the passwds automatically setted by the bots when they link together were not either encrypted.
Passwds set via '.chpass' also seems to get unencrypted.

And yes, blowfish is loaded, so that's not the error.


What is causing this?


(I'm using eggdrop 1.6.13 and 1.6.15)

//Nimo
p
ppslim
Revered One
Posts: 3914
Joined: Sun Sep 23, 2001 8:00 pm
Location: Liverpool, England

Post by ppslim »

First off, the bots passwords are encrypted, however, you are forgetting that the bots would need to know the unencrypted versions for them to match :o

Instead, they use MD5 hashes mixed with key data to determine if they match.

So don't worry about that.

The other issue is more worrying however.

Does this only apply to bots, or if a user changes there password too?
N
Nimo
Voice
Posts: 11
Joined: Sun May 04, 2003 8:29 am

Post by Nimo »

ppslim wrote:First off, the bots passwords are encrypted, however, you are forgetting that the bots would need to know the unencrypted versions for them to match :o

Instead, they use MD5 hashes mixed with key data to determine if they match.

So don't worry about that.

The other issue is more worrying however.

Does this only apply to bots, or if a user changes there password too?



I think you missunderstood me about the bot-passwords, what I meaned was the password the bots set when they link to each other for the first time if they not already has a password set with '.chpass botname blahblah'.


It seems like it's just some handles that were added long time ago that never gets their password encrypted (no matter how they are changed), if I add a new user and sets a password it works and gets encrypted. It's just some handles that it seems like I will have to remove and then add again to get it working.
//Nimo
User avatar
De Kus
Revered One
Posts: 1361
Joined: Sun Dec 15, 2002 11:41 am
Location: Germany

Post by De Kus »

check exact which accounts have an unencrypted password. in my user file all accounts have encrypted passwords except bot 'user' records, they have generally unencrypted passwords.
De Kus
StarZ|De_Kus, De_Kus or DeKus on IRC
Copyright © 2005-2009 by De Kus - published under The MIT License
Love hurts, love strengthens...
Locked