Autorization of Name/Password Failed at Login
Resently my HD crashed and had to make a fresh install of XP. Tribes 2 is on a separate hard drive and was untouch, but I was unable to get the game running. I don't know if I screwed up here but I downloaded and reinstalled useing the TribesNext_rc2a.exe file. No problem here. Tribes 2 responed but I was unable to login. The aurtherization advised that I was useing an incorret user name or password. This is not a case of forgetting this information. I know my password and I am useing the same warrior name I have always used. I tried to create an account useing the same warrior name "]-[barr", but was rejected because it was already in use. Fortunetly I was able to create another account, which got me into the game right away. I still would like to get my original warrior name back. Any suggestions
This discussion has been closed.
Comments
...not that I have any idea how this s*** works.
If you have indeed forgotten your password, you will not be able to recover your original account. There is nothing anyone can do about that, since the account server does not have recoverable versions of your passwords necessary to decode the private account keys.
Thyth I do not wish to appear that I am arguing with you, but I have not forgotten my password. I suppose there is no way to produce hard evidence to support my statement, short of leaping to the past and taking you with me to witness the original application. I will state, however, that the password is the password I have used since purchasing Tribes2. In addition the password is a combination of my initials and, for the want of a better description, my employee number. In other words not likely a password I would forget. The warrior name ]-[barr is too unique to forget and I fail to understand why the insistence that I have forgotten either is the first thing that is considered. Is it at all possible to clear the sever records of "]-[barr" so that I can reapply for the credentials using that name? All I would really want is to get the warrior name "]-[barr" back. If it is not possible, oh well, that's life.
When you generated your account, your client(!) computed a SHA1 operation on the password you selected and sent it to the account server. The account server has stored (and never altered) the original hash sent by your client, and uses it to verify you have the passwords for download authorization requests. The account server never handles an unhashed password directly.
If you're interested in attempting to recover your account password, I can provide you with the SHA1 hash of your username and password stored by the account server. These hashes cannot be inverted directly, and must be brute forced in a forward manner to recover the actual password. The server stores sha1("3.14159265" . lowercase(username) . password), which as mentioned above is computed by the client and simply stored by the account server.
For example. A user with account name 'User' and password 'password' would have sha1("3.14159265userpassword") stored, which is 08445a31a78661b5c746feff39a9db6e4e2cc5cf. If you're given that hexadecimal hash, and try all possible passwords, you'll eventually find the source input to SHA1 that matches your data. SHA1 is industry standard for this purpose, so I'm sure you can find utilities online to perform this task.
Deciphering your password in this manner is the only way you'll be able to recover your account... short of remembering what you actually entered in when you made the account (and yes, I'm still sticking to the 'lost password' explanation).
For certain architectural and performance reasons, deleting an account is not feasible, so making the name available again is not possible. I'll PM you your SHA1 hash if you're interested, but otherwise, consider it unrecoverable.
Oooooo, ouch! Apparently you were posting as I was writing this post and I missed reading your post until I posted. Hmmmm, is that understandable, hmmm. Well anyway I/m sorry to hear there is no way to clear the records of the ]-[barr entry. I guess that was my last hope, but dose the above have a possibility? As far as breaking down the SHA1 hash I appreciate that but I think is it a little beyond my knowledge.
If so, I would guess that maybe it was originally incorrect and now you are typing the correct password multiple times.
In this case, try it WITH the caps lock on, and by varying different characters with nearby ones, etc. This cuts the pool of passwords you need to attempt to use when brute-forcing things.
Well, there are still 161 ways you can use [, ], and | to make an H, if you're willing to use - or -- for the crossbar. If you're willing to use (, ), {, and } also, your possibilities shoot up to 1249. I don't think you'll be running out of ways to make your sparkly H anytime soon.
;D ;D ;D Yippy!!!! :-* :-* :-* ::)
I was running diagnostics on a cluster, and decided to run your SHA1 through my distributed cracker for testing. It took about 2906 computer hours to brute force over the possible search space on a reasonably fast cluster (so, I'm not repeating for anyone else who loses their password).
Join IRC if you want the password to this account, Hbarr.
The only reason I did this is for absolute (and public) demonstration that the only way you lose access to an account is by losing the password. Let this be a lesson to anyone else who forgets their password: lose the password and you lose the account.