Invalid Password

After I installed a new version of the multiplayer patch i had to retrieve my account (Account name + password needed). It downloaded the account data but I can't login. I use the same password as I used for retrieving the account but when I try to login it doesn' accept the password (Invalid password)

Comments

  • What type of bit key did you generate for your account? (1024, 512, 256)
  • the default one. It was the lowest, not 256 though.

    RSA-512
  • Im having the same problem. I think it's not a good idea for the tribesnext servers to exclusively let tribesnext clients join, because for now, it's basically a proof of concept. The only reason I can think of to force people to not join is to force them to download the patch. If the patch is not working right, or if it's a beta, I think it's a good idea that there is a sense of backwards compatibility in order for other people who's patches are not working can not feel out of the parties.
  • Same problem here. Can retrieve my account, but I can't login. It also won't let me create a new account, since the server is refusing the request for some reason.

    Maybe it's a serverside issue?
  • I think this is a bug in the login code that affects roughly 1/16th of the accounts. After that's fixed, it you should be able to perform the login operation on the existing account.

    I'm investigating the problem now.
  • After that's fixed, it you should be able to perform the login operation on the existing account.

    Any more info on this? I'm still unable to login. No rush, just curious. :D
  • This was fixed in an update a few days ago - try reinstalling the patch.
  • This was fixed in an update a few days ago - try reinstalling the patch.

    I'm having the same problem, with the most current patch installed. The game ran fine until I tried to join a server, then it crashed. On trying to restart, my username (Mo_Steel) shows up in the dropdown box, but it says the password I'm using is wrong when I know it is not. Further, if I try to retrieve the account option it says my username isn't stored locally when it clearly is in the dropdown menu. I used the 768 encryption.
  • This was fixed in an update a few days ago - try reinstalling the patch.

    I'm having the same problem, with the most current patch installed. The game ran fine until I tried to join a server, then it crashed. On trying to restart, my username (Mo_Steel) shows up in the dropdown box, but it says the password I'm using is wrong when I know it is not. Further, if I try to retrieve the account option it says my username isn't stored locally when it clearly is in the dropdown menu. I used the 768 encryption.

    I am having the exact same problem. My game didn't crash when joining a server, though. It told me that I failed to join the IRC channel, so I wanted to restart the game. I downloaded the game and patch today (Jan 6, 2009). I used the highest form of encryption (which apparently, upon further investigation, may have been a bad idea). Is there any kind of server-side reset you guys can do for our accounts? My account in-game is Denalin. If needed, I can send you my password in a private message or something.

    By the way, YOU GUYS ROCK! Tribes 2 is, bar none, my favorite game of all time, thank you so much for your dedication and hard work!
  • IRC is not currently used, though the files may still be loading when the game starts. If it gives you an error message related to it, you can ignore it.

    What I want you guys to do is browse into your Tribes 2/GameData/ directories and delete two file:
    public.store
    private.store

    Once you've done this and you triple-check that you have the latest patch version, use the retrieve account option to download fresh copies of your key.
  • Krash, I've followed your procedure and am told that my credentials are incorrect, and that I should check my Username/Password. I'm 99% sure that I'm typing in the right stuff... and I know I typed it in correctly during registration, I had to do it twice! Still... I may be wrong about this and perhaps messed up on typing my password two times in a row, that would be very embarrassing...
  • My password contains symbols, could that be confusing the encryption, or something?
  • A symmetric stream cipher is used to encrypt the private exponent. The same function is used for decryption and encryption, and includes a SHA1 step on whatever used as the password.

    You can open your private.store file and make sure that there is a 40 byte blob of hex, a colon, followed by a much longer blob of hex.

    Additionally... if you back up and remove the two store files, you can try an account credential download. We had an early bug (long resolved) where an account would download successfully, but the last byte of the stream cipher would be corrupted.

    If the authentication server reports an incorrect password, then chances are you made a character transposition, or some other typo twice when entering your password. The account server stores a salted SHA1 sum of your password as part of an HMAC-type exchange.
  • Thyth, I have tried tens of combinations of possible typos and cannot find a single one that will log me in... Does TribesNext plan on implementing a password reset function at any time in the future? I'm so bummed that I can't get on! Is it possible to delete my account so that I can register it again? If not, I guess I can just spend this week promoting TribesNext!
  • Thyth, I have tried tens of combinations of possible typos and cannot find a single one that will log me in...

    Couldn't figure mine out either. Must just be unlucky I suppose
  • IRC is not currently used, though the files may still be loading when the game starts. If it gives you an error message related to it, you can ignore it.

    What I want you guys to do is browse into your Tribes 2/GameData/ directories and delete two file:
    public.store
    private.store

    Once you've done this and you triple-check that you have the latest patch version, use the retrieve account option to download fresh copies of your key.

    That did the trick. Thanks, guys. :)
  • I had the exact same problem last night logging on, yet couple of days ago no issues. Not sure what exactly happened between two days ago and last night, but will try removing these files and see if that lets me back in.

    Thanks!
  • Well, can anybody help?
  • I've done everything listed here so far, from trying to retrieve the account to making sure my patch is updated. There is no chance of the password being different from what I am typing. Just to make sure, what is the latest patch version and is there anything else I can do to attempt to pull back my account?
  • If the authentication server won't send you the account when performing retrieval, the entered password is not the same as the one used during account creation. Period.

    I should also mention... the authentication server doesn't ever see your password, nor does it store your passwords in any easily recoverable format, nor does it ever see an unencrypted version of your account private key.

    If you lose your password, the ONLY thing you can do is create a new account. I do not have the ability to recover passwords, nor the ability to reset them on an account. Without the password, it is impossible to decrypt the private key as well. For all practical purposes, an account whose password is lost isn't usable again.
  • Individual account recoveries would be a pain for the developers and a waste of time considering that this is a freebie. Still, I heard that using the highest level of encryption could cause bugs. Was that just a client-side error or would it screw up the auth-server-side as well? I do find it strange that of all the times I've typed in that password correctly, it was incorrect on the time it really mattered... bummer. Gah, I've tried so many combinations and none of them work! I need to make a macro or something...
  • Actually, the warning on the 1024-bit keys is related to the RSA key generator being more prone to generate composite numbers instead of prime numbers during the first step of RSA key generation.

    In certain semi-rare cases, this leads to a failure in the key generator, which then produces the error message regarding the detection of a problem in the account. These are an order of magnitude less likely when generating smaller keys. They also take much longer to generate than the shorter keylengths.

    The way to fix this is to restart the game, and redo the key generation. If you're waiting 7 to 15 minutes for a generation to complete (failed keys take longer to compute), having to do it more than once could be quite frustrating. This is why we recommend use of shorter keys.

    In any case... when you perform a log-in operation, you are not actually communicating with the authentication server. You are really just decrypting the private exponent of the account's RSA keypair, and then checking to make sure the SHA1 sum of the decrypted string matches the SHA1 sum computed on the unencrypted string SHA1's during account creation.

    The authentication server stores the same encrypted exponent, and SHA1 of the unencrypted version as is in your private store. The only additional information that the authentication server stores is the SHA1 sum of a static salt, your username, and your password concatenated together. This is what is used in an HMAC-type exchange when you're downloading accounts to verify you actually know the password.
Sign In or Register to comment.