I remember reading on AGN somewhere that it's possible for someone to decrypt a .qst file and look at the password within. Is that really possible? I'm not asking how to do it, but I have a feeling it has to do with the hashing algorithm ZC uses...
Can it really happen?
Started by
sigtau
, Oct 27 2007 10:45 AM
6 replies to this topic
#1
Posted 27 October 2007 - 10:45 AM
#2
Posted 27 October 2007 - 10:59 AM
Well, I don't know exactly, but I know of a ''program'', writtren in Python(I think), that does the trick... I won't mention the name though :/
#3
Posted 27 October 2007 - 11:10 AM
Well I don't see why it can't be possible, but I think it would be extremely difficult.
#4
Posted 27 October 2007 - 12:09 PM
Actually, Fatcat at AGN said that it's extreme easy finding out the password. So, always do everything in ZQuest with considering that somebody can open it someday without your known. For example, using your bank pin or such as a password is a fail big time.
#5
Posted 27 October 2007 - 01:33 PM
Fatcatfan said that before the major rehash, where a certain program could easily find out the password to a 1.90, 1.92, or 2.10 quest.
The password format has changed since that discovery, and is now harder to crack due to additive dissonances. (... ... ... ... Heheheh. XD ^___^ )
So yeah, your quest is relatively safe. Still, use a password unique to your quest that you don't use anywhere else just in case. That's a "For all time" idea though.
The password format has changed since that discovery, and is now harder to crack due to additive dissonances. (... ... ... ... Heheheh. XD ^___^ )
So yeah, your quest is relatively safe. Still, use a password unique to your quest that you don't use anywhere else just in case. That's a "For all time" idea though.
#6
Posted 27 October 2007 - 01:39 PM
To clarify:
Up to and including 2.10, anyone can with a certain program read your quest passwords. Some people used their AGN forum passwords in their quests, resulting in more than one AGN hacking.
Moral: NEVER use a forum password for your quest.
From 2.11 betas on, there's a hash - it means it's almost impossible to extract your password if it's a good password. If it's a bad password, it can be crackd by just trying out passwords.
I recommend that even now, you NEVER use a forum password for your quest. In fact it's so important I'll repeat it again:
NEVER use a forum password for your quest.
Oh, and : developers can unlock quests even without the password.
Up to and including 2.10, anyone can with a certain program read your quest passwords. Some people used their AGN forum passwords in their quests, resulting in more than one AGN hacking.
Moral: NEVER use a forum password for your quest.
From 2.11 betas on, there's a hash - it means it's almost impossible to extract your password if it's a good password. If it's a bad password, it can be crackd by just trying out passwords.
I recommend that even now, you NEVER use a forum password for your quest. In fact it's so important I'll repeat it again:
NEVER use a forum password for your quest.
Oh, and : developers can unlock quests even without the password.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users