hello i created in register.bat a new account : 123456789123456
in the databaze there is too account name : 123456789123456
but if i log in and write the account and click login it give error wrong pass / user
and in login server console it write : missing data for account : 12345678912345 ---> its missed the last ( 6 )
so where i can change the l2j account lenght to increase it . or how fix this .
Help me please i want do it today :/
Help - Account problem
Forum rules
READ NOW: L2j Forums Rules of Conduct
READ NOW: L2j Forums Rules of Conduct
-
repxl
- Posts: 207
- Joined: Wed May 20, 2009 8:29 pm
Help - Account problem
"Code is exactly like shit - you don't mind cleaning it when its yours, but when it isn't... fuck its annoying." - By the Almighty ZaKaX
-
nBd
- L2j Inner Circle
- Posts: 350
- Joined: Wed Jun 07, 2006 2:26 pm
Re: Help - Account problem
It Client Side limited.
<ZaKaX> Ohh nBd, you're so professianal with your analconda.
-
issle88
- Posts: 36
- Joined: Sat Apr 01, 2017 2:35 pm
Re: Help - Account problem
You can create your own secondary "login" / "lock" system after the char logs in via html bypasses. Block all packet types except from the html bypass till he bypasses the correct username/password. The only problem is the password he will send via html wont get encrypted client side so you will have to encrypt it server-side to compare it with the encrypted password string in the database.
-
repxl
- Posts: 207
- Joined: Wed May 20, 2009 8:29 pm
Re: Help - Account problem
aha Issle i dont really understood what you wrote . but it,s okey 
Btw and you know so client side acc name limit is 14
password client side is how mutch ? 18 or 20
and l2jserver support how long account name and account password ? : can someone write me this infos ?
Btw and you know so client side acc name limit is 14
password client side is how mutch ? 18 or 20
and l2jserver support how long account name and account password ? : can someone write me this infos ?
"Code is exactly like shit - you don't mind cleaning it when its yours, but when it isn't... fuck its annoying." - By the Almighty ZaKaX
-
qwerty13
- Posts: 640
- Joined: Mon Feb 02, 2009 9:57 am
- Location: Europe
- Contact:
Re: Help - Account problem
one question - is a big problem to you using more short account name?
-
repxl
- Posts: 207
- Joined: Wed May 20, 2009 8:29 pm
Re: Help - Account problem
no its just better to know and not only me . then other ppl can too search it . because thinks im asking are not here so it will just rich the l2j forum . you know im not the type of men when someone say me use just 1 leg then i will allways use just 1 leg and no know why no other leg too use i know its a bad example but im trying to explain someting .qwerty13 wrote:one question - is a big problem to you using more short account name?
"Code is exactly like shit - you don't mind cleaning it when its yours, but when it isn't... fuck its annoying." - By the Almighty ZaKaX
-
issle88
- Posts: 36
- Joined: Sat Apr 01, 2017 2:35 pm
Re: Help - Account problem
What i was trying to say is that you can create a second authentication system for a character after he gets logged in. For example :
--->Login ---> Paralized state --> authentikate via html message --> unparalize state. Something like this in plain words.
Regarding security issues there are two things concerning passwords/usernames:
1)Attacker tries combinations on login server in fixed intervals ( brute forcing ).
The delay imposed by the latency of the communication, makes it practically impossible to find an account that has over 8 digits ( even numbers ... ).
2)Attacker has gained access to the database and has the encrypted hashes of the passwords.
If the passwords are over 8 digits and they contain leters, numbers, and capital leters then its impossible to find the password with a home-made cuda cluster. For example, when L2sgh database got leaked, we tried to hack some admin passwords. The easy ones ( numbers ) took my 260 GTX SLI about 15 minutes to get decrypted. But passwords with 10 digit length containing leters and capitals needed months to be decoded.
All in all there isnt any risk with the current password system.
--->Login ---> Paralized state --> authentikate via html message --> unparalize state. Something like this in plain words.
Regarding security issues there are two things concerning passwords/usernames:
1)Attacker tries combinations on login server in fixed intervals ( brute forcing ).
The delay imposed by the latency of the communication, makes it practically impossible to find an account that has over 8 digits ( even numbers ... ).
2)Attacker has gained access to the database and has the encrypted hashes of the passwords.
If the passwords are over 8 digits and they contain leters, numbers, and capital leters then its impossible to find the password with a home-made cuda cluster. For example, when L2sgh database got leaked, we tried to hack some admin passwords. The easy ones ( numbers ) took my 260 GTX SLI about 15 minutes to get decrypted. But passwords with 10 digit length containing leters and capitals needed months to be decoded.
All in all there isnt any risk with the current password system.