Jump to content

Photo

[IMPORTANT] Chat password information


  • Please log in to reply
2 replies to this topic

#1 sigtau

sigtau

    *sip*

  • Members
  • Real Name:Will
  • Location:Spending too much time on this damn thing

Posted 29 August 2014 - 11:20 AM

Hi PureZC, your IRC server owner here, with some important news regarding your NickServ passwords.  For those unfamiliar, the chat server memorizes users' nicknames by using a set of services packages called Anope.  These services are designed to run in the background constantly and assist with performing tasks such as registering channels (chatrooms), registering nicknames, and working with a limited set of built-in bot tools.

 

Recently, we were made aware of a bug in the version of Anope we were using on our old server.  Because our new server (New York datacenter) was made to match the old server's (Chicago datacenter) configuration, we used the exact same versions of our previous software and never looked back.  However, this version contained a bug that caused users who were trying to register channels to artificially hit the limit on the number of channels they were allowed to register, even if they weren't anywhere close to the limit.

 

Thus, we entered a maintenance period this morning to upgrade to the latest version of Anope.  When the upgrade was complete, the old services database was copied over and inspected; however, inspection revealed to myself and the other IRCops that since we'd not upgraded Anope in a year or so, due to a default setting in the old version, passwords were stored in base-64 plain text format.

 

First off, we want to emphasize that we have never been attacked nor have we ever experienced a security breach.  However, it would be a disservice to not tell our users what happened, and thus, we have set our database to automatically convert passwords from the old base64 format to a more secure salted sha256 password format.  As users /NS IDENTIFY their nicknames, register their nicknames, or change their password, the database will progressively be converted into the new format.  However, this means that you absolutely must log out and log back in on the chat server at some point in order to perform the conversion.

 

We have not and will not attempt to decode any passwords, no matter what format they are stored in.

 

Thus, we recommend that users immediately /NS IDENTIFY (or /NS LOGOUT followed by another /NS IDENTIFY if you are currently signed in) to convert their passwords to the latest format.  Services will automatically perform the conversion for us.

We also recommend that users who feel uncomfortable about their passwords having been stored in this format change their passwords if they so desire.  No new passwords will be recorded in the old format.

 

Thank you for flying Bladerock, and we are sorry for these embarrassing circumstances.  We strive to keep users informed about any privacy concerns they may have.


  • nicklegends and Evan20000 like this

#2 The Satellite

The Satellite

    May the way of the Hero lead to the Triforce.

  • Members
  • Real Name:Michael
  • Pronouns:He / Him

Posted 29 August 2014 - 07:13 PM

Just another note, you're going to also have to type "/ns set autoop on" in order to get your auto-voice/halfop/op/admin/owner in each channel now.


  • sigtau likes this

#3 trudatman

trudatman

    one point nine hero

  • Members
  • Real Name:that guy
  • Location:State Of Love And Trust, The United State Of Amorica.

Posted 30 August 2014 - 01:47 PM

whoosh.

 

/me looks up.




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users