I remember reading on AGN somewhere that it's possible for someone to decrypt a .qst file and look at the password within. Is that really possible? I'm not asking how to do it, but I have a feeling it has to do with the hashing algorithm ZC uses...
Can it really happen?
Started by
sigtau
, Oct 27 2007 10:45 AM
6 replies to this topic
#1
sigtau
-
- Members
-
*sip*
- Real Name:Will
- Location:Spending too much time on this damn thing
Posted 27 October 2007 - 10:45 AM
#2
Eddard McHorn Van-Schnuder
-
- Members
-
smash the bye button
- Real Name:Ronny Wiltersen
Posted 27 October 2007 - 10:59 AM
Well, I don't know exactly, but I know of a ''program'', writtren in Python(I think), that does the trick... I won't mention the name though :/
#3
Bayta
-
- Members
-
Follower of Destiny
- Real Name:Robin Evans
- Location:Suffolk County, NY
Posted 27 October 2007 - 11:10 AM
Well I don't see why it can't be possible, but I think it would be extremely difficult. 
#4
CastChaos
-
- Members
-
Deified
Posted 27 October 2007 - 12:09 PM
Actually, Fatcat at AGN said that it's extreme easy finding out the password. So, always do everything in ZQuest with considering that somebody can open it someday without your known. For example, using your bank pin or such as a password is a fail big time.
#5
ShadowTiger
-
- Members
-
The Doctor Is In
Posted 27 October 2007 - 01:33 PM
Fatcatfan said that before the major rehash, where a certain program could easily find out the password to a 1.90, 1.92, or 2.10 quest.
The password format has changed since that discovery, and is now harder to crack due to additive dissonances. (... ... ... ... Heheheh. XD ^___^ )
So yeah, your quest is relatively safe. Still, use a password unique to your quest that you don't use anywhere else just in case. That's a "For all time" idea though.
The password format has changed since that discovery, and is now harder to crack due to additive dissonances. (... ... ... ... Heheheh. XD ^___^ )
So yeah, your quest is relatively safe. Still, use a password unique to your quest that you don't use anywhere else just in case. That's a "For all time" idea though.
#6
Koopa
-
- Members
-
The child behind the turtle
- Location:Switzerland
Posted 27 October 2007 - 01:39 PM
To clarify:
Up to and including 2.10, anyone can with a certain program read your quest passwords. Some people used their AGN forum passwords in their quests, resulting in more than one AGN hacking.
Moral: NEVER use a forum password for your quest.
From 2.11 betas on, there's a hash - it means it's almost impossible to extract your password if it's a good password. If it's a bad password, it can be crackd by just trying out passwords.
I recommend that even now, you NEVER use a forum password for your quest. In fact it's so important I'll repeat it again:
NEVER use a forum password for your quest.
Oh, and : developers can unlock quests even without the password.
Up to and including 2.10, anyone can with a certain program read your quest passwords. Some people used their AGN forum passwords in their quests, resulting in more than one AGN hacking.
Moral: NEVER use a forum password for your quest.
From 2.11 betas on, there's a hash - it means it's almost impossible to extract your password if it's a good password. If it's a bad password, it can be crackd by just trying out passwords.
I recommend that even now, you NEVER use a forum password for your quest. In fact it's so important I'll repeat it again:
NEVER use a forum password for your quest.
Oh, and : developers can unlock quests even without the password.
#7
Radien
-
- Members
-
Courage
- Real Name:Steve
- Location:Oregon
Posted 27 October 2007 - 03:03 PM
QUOTE(Koopa @ Oct 27 2007, 11:39 AM) 
Oh, and : developers can unlock quests even without the password.
Good thing ZC developers are trustworthy. I mean, with names like Phantom Menace and Dark Nation, how CAN'T you trust them?
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
