After I installed a new version of the multiplayer patch i had to retrieve my account (Account name + password needed). It downloaded the account data but I can't login. I use the same password as I used for retrieving the account but when I try to login it doesn' accept the password (Invalid password)
Maybe it's a serverside issue?
I'm investigating the problem now.
Any more info on this? I'm still unable to login. No rush, just curious.
I'm having the same problem, with the most current patch installed. The game ran fine until I tried to join a server, then it crashed. On trying to restart, my username (Mo_Steel) shows up in the dropdown box, but it says the password I'm using is wrong when I know it is not. Further, if I try to retrieve the account option it says my username isn't stored locally when it clearly is in the dropdown menu. I used the 768 encryption.
I am having the exact same problem. My game didn't crash when joining a server, though. It told me that I failed to join the IRC channel, so I wanted to restart the game. I downloaded the game and patch today (Jan 6, 2009). I used the highest form of encryption (which apparently, upon further investigation, may have been a bad idea). Is there any kind of server-side reset you guys can do for our accounts? My account in-game is Denalin. If needed, I can send you my password in a private message or something.
By the way, YOU GUYS ROCK! Tribes 2 is, bar none, my favorite game of all time, thank you so much for your dedication and hard work!
What I want you guys to do is browse into your Tribes 2/GameData/ directories and delete two file:
Once you've done this and you triple-check that you have the latest patch version, use the retrieve account option to download fresh copies of your key.
You can open your private.store file and make sure that there is a 40 byte blob of hex, a colon, followed by a much longer blob of hex.
Additionally... if you back up and remove the two store files, you can try an account credential download. We had an early bug (long resolved) where an account would download successfully, but the last byte of the stream cipher would be corrupted.
If the authentication server reports an incorrect password, then chances are you made a character transposition, or some other typo twice when entering your password. The account server stores a salted SHA1 sum of your password as part of an HMAC-type exchange.
Couldn't figure mine out either. Must just be unlucky I suppose
That did the trick. Thanks, guys.
I should also mention... the authentication server doesn't ever see your password, nor does it store your passwords in any easily recoverable format, nor does it ever see an unencrypted version of your account private key.
If you lose your password, the ONLY thing you can do is create a new account. I do not have the ability to recover passwords, nor the ability to reset them on an account. Without the password, it is impossible to decrypt the private key as well. For all practical purposes, an account whose password is lost isn't usable again.
In certain semi-rare cases, this leads to a failure in the key generator, which then produces the error message regarding the detection of a problem in the account. These are an order of magnitude less likely when generating smaller keys. They also take much longer to generate than the shorter keylengths.
The way to fix this is to restart the game, and redo the key generation. If you're waiting 7 to 15 minutes for a generation to complete (failed keys take longer to compute), having to do it more than once could be quite frustrating. This is why we recommend use of shorter keys.
In any case... when you perform a log-in operation, you are not actually communicating with the authentication server. You are really just decrypting the private exponent of the account's RSA keypair, and then checking to make sure the SHA1 sum of the decrypted string matches the SHA1 sum computed on the unencrypted string SHA1's during account creation.
The authentication server stores the same encrypted exponent, and SHA1 of the unencrypted version as is in your private store. The only additional information that the authentication server stores is the SHA1 sum of a static salt, your username, and your password concatenated together. This is what is used in an HMAC-type exchange when you're downloading accounts to verify you actually know the password.