Many players may have seen messages in TLF claiming that ships used in an attack had their passwords hacked and ships were stolen. What they may not know, is it’s highly unlikely to have actually happened. Anyone who has downloaded the tarballs for SST or TLR will soon realize that the passwords are not hackable, as they use a one-way cipher that’s not only based on the name of the ship, but also on it’s position in the user database.
I’ll go more into detail of possible cases of ships actually being stolen, but for now will instead tell you a few of the extortion tactics used to actually get others ships. One such method involves giving ships to another player, either because of extortion or just to facilitate an attack. Without mentioning any names, one of my teammates was approached by another player asking for ships with a total of a couple million figs. If we didn’t give the ships to this other starship captain, our farms would be attacked. We of course didn’t comply with the demands and got attacked, but had we given away the ships, we were asked to make a public announcement that the ships given away had their passwords hacked and stolen. There are variations in the extortion, an e-mail you may have sent linking you to some unsavory action in the game, giving out locations, etc…
In the same line, another common extortion tactic involved getting someone to start ships for you. Not very useful in current TLF but could happen when there was an entry game to get ships into the endless game. There, you might be threatened with destruction of your ships and bases unless you advanced ships from the entry game into the endless game and given to another player.
There are all kinds of variations on these extortion tactics, but I’m sure you’ll get the idea. Ships are only lost through stupidity or by being given away. And who knows, the person claiming to have lost the ships may actually be running them themselves.
So how do passwords actually get hacked, when it does happen? Easy, shear stupidity, with ship name being the password, having shared your password with someone, or using a shared computer and accessing the game with a browser. The login will probably be in the history of the browser used, if it hasn’t been cleared. There are some other means possible, but I can’t really see someone going to the trouble of sniffing network packets or doing keyboard logging just for the passwords to TLF ships. Not being trustful of passwords, I use different ones on different games and servers just in case.