Password migration to SHA256

[bilbous]

Is 0.5.8 fairly immanent? I understand we are at the point where self-compiled clients are already making the password upgrade.

[weltall]

It should be imminent.

[bilbous]

Congratulations on the release of 0.5.8, now that it is here is there any way for us to tell that the password migration for our accounts has been successfully achieved? I spent a while earlier logging in with a bunch of my accounts with the save password option unselected so I am expecting that they have been successfully migrated.

I choose to do this method because I have more defunct email addresses than I have available unused ones and I didn't want to create a bunch of webmail accounts that I'll never use for any other purpose and which would be deleted by the webhost for lack of use.

[weltall]

if you disable password saving there is no way to know if it worked

[bilbous]

Are you suggesting that if I save the password and the second time I login it succeeds I can assume that the stronger encryption is in place?
I just turned off the password saving to ensure I had to input the password instead of using the previously saved one.

Thank you for your responses.

[weltall]

when you delete the password field and write it again it will save two options the md5sum and the sha256sum in the config file, when this happens it's surely migrated

[weltall]

ok, even though i didn't list it, we are currently at step 2.5
This means the server will start accepting sha256 only authentication and, if it fails, it will attempt to do md5 authentication and storing of sha256 hash if provided. so just like step 3, only we didn't release the client yet. For who uses 0.5.8.1 nothing changes, for who uses svn clients it will mean they will start using the sha256 salted authentication.

[weltall]

accounts with login in last 3 months which are converted
88.5%
accounts with login in last year which are converted
47.2%

[weltall]

step3:
now clients will only login with sha256sum and won't update anymore the password. If you cannot login you'll have to do password recovery or use an older client (0.5.8[.1]) and input again the login details from scratch and get in game. After 10 minutes after logout you should be able to login with the new client.

[Mogweh]

[Lexx]

How do I do "password recovery" then, please.
If I go to http://planeshift.subhosting.net//register/index.php and do "forgot password", I never get a verification email.
I clicked on an earlier link for "password recovery" (can't remember where) but got "404 page not found".
Thanks.

[weltall]

check your spam folder

[Xanthan]

I've run into the same issue, trying three times.  I've checked spam, etc.

[Minks]

Some email providers delete the verififcation mail instantly. Googlemail works.

[Lexx]

I'm with Yahoo, which doesn't delete emails, yet I receive no password reset emails, not even in the Spam/Junk folder.
Also, if I set up my profile email for gmail, I get "No validated account with that e-mail found".