Quest password

From ZCWiki
Jump to: navigation, search

Quest files you create in ZQuest can be protected against edits with a password. You set the password in ZQuest's Quest/Header menu option. Once set, anyone can still play the quest without knowing it, but opening it in ZQuest requires the password. This is meant for quest creators to protect their work against being edited, copied or "behind-the-scenes" information like cheats, maze paths being looked up by players.

Security warning

Before 2.11, passwords were encoded in the quest file with a master key. This key has been cracked - in fact a cracking program was made to extract passwords easily from quests. Because people used the same password for their quests in the database as for their forum accounts, this has more than once been used to successfully hack Armageddon Games.

In the 2.11 betas, passwords are hashed and offer a bit more security. However, if you use a weak/easily guessable password, anyone can still just guess and try out passwords in ZQ until he finds yours.

I strongly advise that, whatever version you use, you NEVER use your forum, email, or similar passwords for quests.

The ZC developers have a way of opening all quests without the password and resetting the password. If you lose the password for your quest, try and contact a developer.