[Release] UltimateWar - WarRock Private Server

09/04/2015 17:32 Sleutel#181
Quote:
Originally Posted by toxiicdev View Post
Not overcrypted though, but creating your own way will surely be safer than using a generic one, so if your database might be broken, well, if you don't use a generic way it will be very impossible to descramble the password
The advice was directed at everyone, to clear up a misunderstanding.

You should read this article: [Only registered and activated users can see links. Click Here To Register...]
There is a chapter where they discuss "The WRONG Way: Double Hashing & Wacky Hash Functions"

I quote:
Quote:
An attacker cannot attack a hash when he doesn't know the algorithm, but note Kerckhoffs's principle, that the attacker will usually have access to the source code (especially if it's free or open source software), and that given a few password-hash pairs from the target system, it is not difficult to reverse engineer the algorithm. It does take longer to compute wacky hash functions, but only by a small constant factor. It's better to use an iterated algorithm that's designed to be extremely hard to parallelize (these are discussed below). And, properly salting the hash solves the rainbow table problem.
So basically just stick with a simple function because it's easy to reverse engineer, or figure out the function. Also, I recommend using the mcrypt_create_iv function; it is good for generating random salts.

I am still waiting for the developers to implement this.. I have to say they are really slow.. They might need to consider closing their private server since they don't have the team to manage it properly.
09/04/2015 18:28 ✔Star✔#182
Quote:
Originally Posted by Sleutel View Post
The advice was directed at everyone, to clear up a misunderstanding.

You should read this article: [Only registered and activated users can see links. Click Here To Register...]
There is a chapter where they discuss "The WRONG Way: Double Hashing & Wacky Hash Functions"

I quote:


So basically just stick with a simple function because it's easy to reverse engineer, or figure out the function. Also, I recommend using the mcrypt_create_iv function; it is good for generating random salts.

I am still waiting for the developers to implement this.. I have to say they are really slow.. They might need to consider closing their private server since they don't have the team to manage it properly.
Today we had a record of 19-20 players online.
I understand that security is important, but we aren't a company.
We don't have many resources, so it will take a while.

09/04/2015 20:19 wa-sta#183
Quote:
Originally Posted by toxiicdev View Post
Not overcrypted though, but creating your own way will surely be safer than using a generic one, so if your database might be broken, well, if you don't use a generic way it will be very impossible to descramble the password
This is sadly the wrong way.

Doing "it your own way" is not more safe.
Following generic instructions is more safe.

See my code, it automatically makes it very unlikely to reverse the password.
(it is prepending the salt and the method used to hash it to the password).

Reverse hashing is never impossible, but you can make it very unlikely to happen.
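
Added example, not part of the thread or any poster's code: a PHP sketch of what posts #181 and #183 describe, a salted, iterated hash stored with its method and salt prepended. It assumes PBKDF2-HMAC-SHA256 and a hypothetical `method$iterations$salt$hash` record layout; all function and constant names are made up for illustration.

```php
<?php
// Added example, not code from the thread. Record layout and names are assumptions.
const KDF_ALGO   = 'sha256';
const ITERATIONS = 600000;   // assumed work factor; raise it as hardware gets faster
const SALT_BYTES = 16;
const HASH_BYTES = 32;

// Returns "pbkdf2-sha256$<iterations>$<salt hex>$<hash hex>".
function hash_password(string $password, int $iterations = ITERATIONS): string
{
    // random_bytes() is swapped in for the mcrypt_create_iv() named in post #181;
    // the mcrypt extension was removed from PHP core in 7.2.
    $salt = random_bytes(SALT_BYTES);
    $hash = hash_pbkdf2(KDF_ALGO, $password, $salt, $iterations, HASH_BYTES, true);
    return implode('$', ['pbkdf2-' . KDF_ALGO, $iterations, bin2hex($salt), bin2hex($hash)]);
}

// Splits a stored record; returns null for anything malformed instead of guessing.
function parse_record(string $record): ?array
{
    $p = explode('$', $record);
    if (count($p) !== 4 || $p[0] !== 'pbkdf2-' . KDF_ALGO) return null;
    if (!ctype_digit($p[1]) || strlen($p[1]) > 8 || (int)$p[1] < 1) return null;
    foreach ([$p[2], $p[3]] as $hex) {
        if ($hex === '' || !ctype_xdigit($hex) || strlen($hex) % 2 !== 0) return null;
    }
    return ['iterations' => (int)$p[1], 'salt' => hex2bin($p[2]), 'hash' => hex2bin($p[3])];
}

function verify_password(string $password, string $record): bool
{
    $r = parse_record($record);
    if ($r === null) return false;
    $actual = hash_pbkdf2(KDF_ALGO, $password, $r['salt'], $r['iterations'], HASH_BYTES, true);
    return hash_equals($r['hash'], $actual);   // constant-time comparison
}

// True when a record predates the current work factor and should be re-hashed at next login.
function needs_rehash(string $record): bool
{
    $r = parse_record($record);
    return $r === null || $r['iterations'] < ITERATIONS;
}

// Constructed demo (low iteration count only to keep the demo fast).
$a = hash_password('hunter2', 1000);
$b = hash_password('hunter2', 1000);
var_dump($a !== $b);                        // same password, different salt and record
var_dump(verify_password('hunter2', $a));   // correct password
var_dump(verify_password('Hunter2', $a));   // wrong password
var_dump(needs_rehash($a));                 // stored work factor is below ITERATIONS
```

PHP's built-in `password_hash()` and `password_verify()` produce and check the same kind of self-describing record and are the usual choice over a hand-written format.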
09/04/2015 21:15 Sleutel#184
Quote:
Originally Posted by ✔Star✔ View Post
I understand that security is important but we aren't a company. We don't have much resources so it will take a while.
Again a cheap excuse, I wrote a full authentication and registration system in less than 1 hour from scratch (including doing the table design and programming the logic) before I posted that post. Stop making excuses, just do it.
09/04/2015 23:25 AmazingTurtle#185
Quote:
Originally Posted by toxiicdev View Post
Not overcrypted though, but creating your own way will surely be safer than using a generic one, so if your database might be broken, well, if you don't use a generic way it will be very impossible to descramble the password
are you like.. kinda dumb?
big data servers are using safe hashing methods, guess why..
09/05/2015 00:20 *Last*#186
mmm someone deleted my messages...nice forum..I have a backup :P

Quote:
Originally Posted by *Last* View Post
19-20 new passwords that will be public..
Some one can try sqlinject or other attack this: warrocksold.altervista.org/oldproject/index.php
Thanks, im the owner so its ok try it. (cyno when u will try and fail, please say it here not hide the failure :P)
09/05/2015 00:56 Sleutel#187
Quote:
Originally Posted by *Last* View Post
mmm someone deleted my messages...nice forum..I have a backup :P
This site uses a plugin called: 'x-npnx-game' which is not supported. You guys have copying skills to the max.
09/05/2015 01:10 ijzeredraak5#188
You really have poor staff, they actually report players on the forum (which is kinda strange if you're a staff member) without proof or whatsoever xD
09/05/2015 02:04 ToxicData#189
So fucking hilarious.
09/05/2015 09:45 *Last*#190
Quote:
Originally Posted by Sleutel View Post
This site uses a plugin called: 'x-npnx-game' which is not supported. You guys have copying skills to the max.
I'm 1, so it's at least "guy", not "guys".
Yes, I copied the style from Nexon in 2012, because I did a WR server all alone and I'm not skilled in graphics, and at that time no one had made the shop or panel, so I was also the first (log in and see the marketplace); if you have complaints, can do nothing.
These are the limits of a one-man work of a few days.

You complain about the plug-in, but I don't see a SQL injection or an announcement of my db leaked...so I think that my, all alone and rapid, work is enough for this bunch of simple crackers :D (I like to crush kids' pride, cyno where are youuuuuu?)
09/05/2015 12:01 ✔Star✔#191
Quote:
Originally Posted by ijzeredraak5 View Post
You really have poor staff, they actually report players on the forum (which is kinda strange if you're a staff member) without proof or whatsoever xD
To avoid players being banned for no reason, a GM has to review the report, even if it's from a moderator and decide to ban or not depending on the proof.
09/05/2015 12:24 const*#192
If there was a working anti cheat... :rolleyes:
09/05/2015 13:32 ijzeredraak5#193
Quote:
Originally Posted by ✔Star✔ View Post
To avoid players being banned for no reason,
Maybe start recruiting better people? what's the point of being a moderator if you don't have the powers to enforce rules to your players?
09/05/2015 16:05 ✔Star✔#194
Quote:
Originally Posted by ijzeredraak5 View Post
Maybe start recruiting better people? what's the point of being a moderator if you don't have the powers to enforce rules to your players?
You have a bad idea of moderators, you see them as people to enforce rules on players. Moderators are about helping players and managing the game instead of acting like cops. Stuff like banning is only the worst case scenario.

We have a Skype staff group chat where moderators can report any malicious activity and I prefer to take care of it personally.

We have decided that this way is better for now, we might change it later on.
09/05/2015 16:08 ijzeredraak5#195
Quote:
Originally Posted by ✔Star✔ View Post
You have a bad idea of moderators, you see them as people to enforce rules on players. Moderators are about helping players and managing the game instead of acting like cops. Stuff like banning is only the worst case scenario.

We have a Skype staff group chat where moderators can report any malicious activity and I prefer to take care of it personally.

We have decided that this way is better for now, we might change it later on.
Because you recruit retarded people