Mafiascum.net

This is a problem that's been plaguing me for days now and I just managed to get around it. I'm posting this just in case someone has the same issue and for the admins to know.

I tried using the same password I use on the forum and kept getting that damn error. Tried different browsers, same story. I like solving problems on my own, so I didn't want to ask for help.

I was running out of ideas, until I thought "Could it be that my forum password is too long? Or perhaps that it has a < character?". (I tend to use long and complicated passwords, truth be told)

I tried removing 2 characters, including that symbol and... done!

If it was the symbol that did it, could the admins perhaps restrict forum passwords from using it just to save other people the headache?

Sounds like the wiki is storing a truncated version of your forum password. I don't know why that would be, as MediaWiki's security is usually pretty decent.

Is it really doing that? I removed the characters from my password first before trying to log in the wiki without them, if that wasn't clear.

Let me try to reverse that and see if it will let me log in with my original one.

And nope, it won't. This is bizarre.

I toyed around a bit, the symbol seems to have nothing to do with it.

My original password was 15 characters long. Reducing that to 14 makes me able to login, no matter which character I remove from my password.

It seems to be the length that's doing it.

We use a hack to let media wiki look at our forum passwords. I'm guessing media wikis max length is 14 and the forums is longer, and someone forgot to account for that when writing the hack~.

Ah, I see. I won't really miss the extra character, so no biggie. I hope that anyone with this issue can find this thread until it's accounted for.

Thanks for helping us discover it!

lots of places secretly and silently truncate passwords. I suppose this is better behavior...

In post 5, chamber wrote:We use a hack to let media wiki look at our forum passwords. I'm guessing media wikis max length is 14 and the forums is longer, and someone forgot to account for that when writing the hack~.

I was derping when I said this. It actually makes no sense when you consider we are comparing hashes of passwords not the passwords themselves. It actually has to be the reverse that is true. We must truncate passwords at 14 characters, and you don't notice it when trying to enter 16, but media wiki doesn't leading to an incorrect hash.