2010-02-06, 12:24 PM
(This post was last modified: 2010-02-06, 01:09 PM by MissingLink.)
I noticed somebody on the SW thread stated that passwords with special chars actually do work on the Nexon Forum login.
I verified this on my throwaway test account.
I changed the password to something of the form 'aaaa1111x', where x is a special character created using ALT+169, and shows up as the copyright symbol in wordpad, but as ⌐ here.
I was able to successfully sign up and log into the Nexon forum by right-click pasting this password.
The fact that the password works anywhere proves that at least for special characters created using the ALT+1xx method, the characters are not truncated or modified before being hashed and stored. (*)
Of course, as expected, the password does not work at the main nexon.net login (even though right-click pasting normally works there), nor on the game (even though CTRL-V pasting normally works there).
For me, this proves the validity of this method.
Edit:
I don't know if this has been mentioned, but normally when you enter an incorrect password (with or without special characters) at the main .net login, it tells you wrong password. But if you paste in the correct password with special character, it does not say wrong password, but just reverts to the previous page. So it seems like the main login also recognizes the special password, but still does not let you in. I suppose there is a slight worry that hackers could find a way around this if they know more about how these things work than the rest of us.
(*) Unless the forum login script pre-modifies the special characters in the same way as the password change page script does, but other login pages do not act the same.
I verified this on my throwaway test account.
I changed the password to something of the form 'aaaa1111x', where x is a special character created using ALT+169, and shows up as the copyright symbol in wordpad, but as ⌐ here.
I was able to successfully sign up and log into the Nexon forum by right-click pasting this password.
The fact that the password works anywhere proves that at least for special characters created using the ALT+1xx method, the characters are not truncated or modified before being hashed and stored. (*)
Of course, as expected, the password does not work at the main nexon.net login (even though right-click pasting normally works there), nor on the game (even though CTRL-V pasting normally works there).
For me, this proves the validity of this method.
Edit:
I don't know if this has been mentioned, but normally when you enter an incorrect password (with or without special characters) at the main .net login, it tells you wrong password. But if you paste in the correct password with special character, it does not say wrong password, but just reverts to the previous page. So it seems like the main login also recognizes the special password, but still does not let you in. I suppose there is a slight worry that hackers could find a way around this if they know more about how these things work than the rest of us.
(*) Unless the forum login script pre-modifies the special characters in the same way as the password change page script does, but other login pages do not act the same.

