I agree about the SHA-0 part, but..... you can disable the connection encryption. I don't think an extra layer of protection is a bad thing.branan wrote:But at this point in the connection DH has been completed, so it's unnecessary and redundant. It might be a normal thing in some systems, but it's "weird" in the overall architecture of MOUL's network code. Beyond that, It's SHA-0 which no one should be using for anything ever.
If that were so, nobody would be able to log in with "normal" email addresses after using compute_auth_hash. It's tested, it works. Except for whatever verboten character JW used. The use of SHA is even in libPlasma.branan wrote:As for other things: I've verified in Cyan's client code that the initial hash is always SHA-1, regardless of normal or special.
Things develop by accretion, you know. Now, me, I would have called putting nul in place of the last character of the address and password the weird part.branan wrote:The username is part of the hash for email usernames, and not part of it for other special usernames as you said. (that's another one of those special/weird cyan netcode moments).