There is no “pay to play” on Ultima Online Forever. Ultima Online Forever has an active community with more than 800 players and a lively Discord. However, the risk comes with great reward. Only within the city limits is a player safe. There are no luck or lower reg cost suits. There are no bags of sending or insurance on items. What you won't find on Ultima Online Forever is Trammel or a broken economy. Hunt in the original dungeons that we all remember and cherish, or in one of the shard's several unique dungeons. Join Militias and fight others while earning your guild rewards. Hunt monsters on contract to reap great rewards. Raise a dragon or spider pet from an egg. Here you can explore the darkest and dankest of dungeons or sail across the world on a large galleon to fish and find treasure – while dodging pirates along the way.Ī land where you can choose to be a stalwart defender who uses the force of their arms and armor to protect those around you, or a despicable villain who preys on those who take a wrong turn into danger. Build and decorate a home, whether a small fishing shanty by the water, or a castle in the mountains. It's a world where your character can craft their own weapons, armor, potions, and equipment. It's a world where players can be what they want – a mage, a fighter, a crafter, a tamer of beasts or a pirate. Ultima Online Forever is more than a game. Just to be safe and ServUO is not permanently encrypting passwords, so the performance regeression of using SHA1, SHA256 or SHA512 is not messurable with cpus of the last 8 years.On January 18th, 2013, Ultima Online Forever was launched providing players from around the globe a free shard that pays homage to the Renaissance era of the original Ultima Online with all of its nostalgia, while always building on and expanding the game to offer new and exclusive content. I thought implementing SHA512 instead of SHA256 is a better idea. Keep in mind its an offer to the server admin, if you've concerns about memory used by a 4 times bigger account file, stay with the default, no change is needed. If everyone wants to see SHA256, I'm willing to implement this too. However I see your concerns, I replied to the concerns. Please go ahead if you've more scenarios. Creating accounts with SHA1 password and upgrade afterwards, initial creating of SHA512 accounts. I've tested this with 3 accounts (I'm not submitting code that I'vent tested before). It won't work backwards as it doesnt with SHA1 to MD5. If anyone sets it from SHA1 to SHA512 it will upgrade the passwords on login, same as it does before with MD5 to SHA1. Right now the merge does not change anything in case of account handling or encryption. ![]() MD5 is no go and SHA1 is known to be vulnerable to collisions. However keep in mind Server Client communication stays unencrypted and is absolutely vulnerable to man in the middle attacks as client encryption is removed. Change it back to NewCrypt (SHA1) in Accounts.cfg if you're in need of SHA1. NOTICE: SHA512 is the new default if you replace Config/Accounts.cfg. Passwords are automatically converted from SHA1 to SHA512 after logon and next save. Password-System requires complete rework (I will do this) for proper salting (generating 'random' salt on first run) and better readability. His original message from the pull request: Although Dexter tagged others for review it might not be very well known.ĭoes anyone have any thoughts on why this would be a bad idea? Should it get implemented to offer the best possible protection? Is everything fine the way it is? Submitted this pull request about a month ago.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |