how to create an account

[cronic88]

hello all, im newbie in making private server, how can i create an account??

[kevinmace]

where exactly you want to create account at?
and if you want to create account anywhere you should
search for the register page

[pretzel666]

Doooooood Look in the "All things guide seciton -.-

[.Horror.]

Next Time Search.
~Your Horrors

[idlemonkey]

save as html and open in your browser to generate account sql

 Spoiler

Code:

<SCRIPT language=JavaScript>
<!--
var hex_chr = "0123456789abcdef";
function rhex(num)
{
 str = "";
 for(j = 0; j <= 3; j++)
 str += hex_chr.charAt((num >> (j * 8 + 4)) & 0x0F) +
 hex_chr.charAt((num >> (j * 8)) & 0x0F);
 return str;
}
function str2blks_MD5(str)
{
 nblk = ((str.length + 8) >> 6) + 1;
 blks = new Array(nblk * 16);
 for(i = 0; i < nblk * 16; i++) blks[i] = 0;
 for(i = 0; i < str.length; i++)
 blks[i >> 2] |= str.charCodeAt(i) << ((i % 4) * 8);
 blks[i >> 2] |= 0x80 << ((i % 4) * 8);
 blks[nblk * 16 - 2] = str.length * 8;
 return blks;
}
function add(x, y)
{
 var lsw = (x & 0xFFFF) + (y & 0xFFFF);
 var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
 return (msw << 16) | (lsw & 0xFFFF);
}
function rol(num, cnt)
{
 return (num << cnt) | (num >>> (32 - cnt));
}
function cmn(q, a, b, x, s, t)
{
 return add(rol(add(add(a, q), add(x, t)), s), b);
}
function ff(a, b, c, d, x, s, t)
{
 return cmn((b & c) | ((~b) & d), a, b, x, s, t);
}
function gg(a, b, c, d, x, s, t)
{
 return cmn((b & d) | (c & (~d)), a, b, x, s, t);
}
function hh(a, b, c, d, x, s, t)
{
 return cmn(b ^ c ^ d, a, b, x, s, t);
}
function ii(a, b, c, d, x, s, t)
{
 return cmn(c ^ (b | (~d)), a, b, x, s, t);
}
function MD5(str)
{
 x = str2blks_MD5(str);
 var a = 1732584193;
 var b = -271733879;
 var c = -1732584194;
 var d = 271733878;
 for(i = 0; i < x.length; i += 16)
 {
 var olda = a;
 var oldb = b;
 var oldc = c;
 var oldd = d;
 a = ff(a, b, c, d, x[i+ 0], 7 , -680876936);
 d = ff(d, a, b, c, x[i+ 1], 12, -389564586);
 c = ff(c, d, a, b, x[i+ 2], 17, 606105819);
 b = ff(b, c, d, a, x[i+ 3], 22, -1044525330);
 a = ff(a, b, c, d, x[i+ 4], 7 , -176418897);
 d = ff(d, a, b, c, x[i+ 5], 12, 1200080426);
 c = ff(c, d, a, b, x[i+ 6], 17, -1473231341);
 b = ff(b, c, d, a, x[i+ 7], 22, -45705983);
 a = ff(a, b, c, d, x[i+ 8], 7 , 1770035416);
 d = ff(d, a, b, c, x[i+ 9], 12, -1958414417);
 c = ff(c, d, a, b, x[i+10], 17, -42063);
 b = ff(b, c, d, a, x[i+11], 22, -1990404162);
 a = ff(a, b, c, d, x[i+12], 7 , 1804603682);
 d = ff(d, a, b, c, x[i+13], 12, -40341101);
 c = ff(c, d, a, b, x[i+14], 17, -1502002290);
 b = ff(b, c, d, a, x[i+15], 22, 1236535329);
 a = gg(a, b, c, d, x[i+ 1], 5 , -165796510);
 d = gg(d, a, b, c, x[i+ 6], 9 , -1069501632);
 c = gg(c, d, a, b, x[i+11], 14, 643717713);
 b = gg(b, c, d, a, x[i+ 0], 20, -373897302);
 a = gg(a, b, c, d, x[i+ 5], 5 , -701558691);
 d = gg(d, a, b, c, x[i+10], 9 , 38016083);
 c = gg(c, d, a, b, x[i+15], 14, -660478335);
 b = gg(b, c, d, a, x[i+ 4], 20, -405537848);
 a = gg(a, b, c, d, x[i+ 9], 5 , 568446438);
 d = gg(d, a, b, c, x[i+14], 9 , -1019803690);
 c = gg(c, d, a, b, x[i+ 3], 14, -187363961);
 b = gg(b, c, d, a, x[i+ 8], 20, 1163531501);
 a = gg(a, b, c, d, x[i+13], 5 , -1444681467);
 d = gg(d, a, b, c, x[i+ 2], 9 , -51403784);
 c = gg(c, d, a, b, x[i+ 7], 14, 1735328473);
 b = gg(b, c, d, a, x[i+12], 20, -1926607734);
 a = hh(a, b, c, d, x[i+ 5], 4 , -378558);
 d = hh(d, a, b, c, x[i+ 8], 11, -2022574463);
 c = hh(c, d, a, b, x[i+11], 16, 1839030562);
 b = hh(b, c, d, a, x[i+14], 23, -35309556);
 a = hh(a, b, c, d, x[i+ 1], 4 , -1530992060);
 d = hh(d, a, b, c, x[i+ 4], 11, 1272893353);
 c = hh(c, d, a, b, x[i+ 7], 16, -155497632);
 b = hh(b, c, d, a, x[i+10], 23, -1094730640);
 a = hh(a, b, c, d, x[i+13], 4 , 681279174);
 d = hh(d, a, b, c, x[i+ 0], 11, -358537222);
 c = hh(c, d, a, b, x[i+ 3], 16, -722521979);
 b = hh(b, c, d, a, x[i+ 6], 23, 76029189);
 a = hh(a, b, c, d, x[i+ 9], 4 , -640364487);
 d = hh(d, a, b, c, x[i+12], 11, -421815835);
 c = hh(c, d, a, b, x[i+15], 16, 530742520);
 b = hh(b, c, d, a, x[i+ 2], 23, -995338651);
 a = ii(a, b, c, d, x[i+ 0], 6 , -198630844);
 d = ii(d, a, b, c, x[i+ 7], 10, 1126891415);
 c = ii(c, d, a, b, x[i+14], 15, -1416354905);
 b = ii(b, c, d, a, x[i+ 5], 21, -57434055);
 a = ii(a, b, c, d, x[i+12], 6 , 1700485571);
 d = ii(d, a, b, c, x[i+ 3], 10, -1894986606);
 c = ii(c, d, a, b, x[i+10], 15, -1051523);
 b = ii(b, c, d, a, x[i+ 1], 21, -2054922799);
 a = ii(a, b, c, d, x[i+ 8], 6 , 1873313359);
 d = ii(d, a, b, c, x[i+15], 10, -30611744);
 c = ii(c, d, a, b, x[i+ 6], 15, -1560198380);
 b = ii(b, c, d, a, x[i+13], 21, 1309151649);
 a = ii(a, b, c, d, x[i+ 4], 6 , -145523070);
 d = ii(d, a, b, c, x[i+11], 10, -1120210379);
 c = ii(c, d, a, b, x[i+ 2], 15, 718787259);
 b = ii(b, c, d, a, x[i+ 9], 21, -343485551);
 a = add(a, olda);
 b = add(b, oldb);
 c = add(c, oldc);
 d = add(d, oldd);
 }
 return rhex(a) + rhex(b) + rhex(c) + rhex(d);
}

function GenMD5(txtPassword)
{
	var a = txtPassword;
	var b = "\xa3\xac\xa1\xa3";
	var c = "fdjf,jkgfkl";
	var s =  a+b+c;
	var r = MD5(s);	
	return r;
}

function EchoAll(login,password)
{
    document.open()
    document.write("mysql Query generated<br />run this query in your sql editor<br /><b>insert into my.account (name,password) values('" + login + "','"+GenMD5(password)+"');");
    document.close();
}
-->
</SCRIPT>

<FORM name=val>
<META content="MSHTML 6.00.6000.16640" name=GENERATOR></HEAD>
<BODY>
<TABLE cellSpacing=3 cellPadding=0 border=0>
  <TBODY>
  <TR>
    <TD>Username</TD>
    <TD><INPUT name=login><BR></TD></TR>
  <TR>
    <TD>Password</TD>
    <TD><INPUT name=password><BR></TD></TR></TBODY></TABLE><INPUT onclick=javascript:EchoAll(val.login.value,val.password.value) type=button value="Run" form <></BODY></FORM></HTML>

this is one of the scripts included in the mywork folder of the revo database if i remember right

[hio77]

that script has been around well well before the revo database fyi.

slightly changed html around it, but the salted MD5 (the bit that actually matters) is the same.

[idlemonkey]

yeh Im sure lol just pointing the guy at something easy to generate an sql for him
(ps yeh if you wanna use the password hashing portion on a register page by changing to form i reccomend you "at very least" change the hash a little bit to different random numbers)


its actually a lot easier to write now
no point in wasting the time for it for something like this though



heres a couple of different md5+salt combinations if you want

 Spoiler

Code:

tohash=""
DIMENSION SinusArray(64)
#DEFINE MAX_UINT 4294967296
#DEFINE NUMBEROFBIT 8 && UNICODE 16 (unicode not tested)


PROCEDURE init
  LOCAL I
  FOR I = 1 TO 64
    this.SinusArray(I)=TRANSFORM(MAX_UINT*ABS(SIN(I)),"@0")
    this.SinusArray(I)=BITAND(EVALUATE(this.SinusArray(I)),0xFFFFFFFF) &&CAST
  ENDFOR
RETURN .T.

PROCEDURE bourre
  LOCAL NBR_BIT_BOURRE, BOURRAGE
  Bourrage = CHR(128)+REPLICATE(CHR(0),63)
  NBR_BIT_BOURRE=(448-(LEN(THIS.TOHASH)*NUMBEROFBIT)%512)/NUMBEROFBIT
  IF (LEN(THIS.TOHASH)*NUMBEROFBIT)%512>=448
    NBR_BIT_BOURRE=(448+((512-LEN(THIS.TOHASH)*NUMBEROFBIT)%512))/NUMBEROFBIT
  ENDIF

RETURN LEFT(bourrage,NBR_BIT_BOURRE)


PROCEDURE acompleter
  LOCAL retour,decalage
  decalage=TRANSFORM(LEN(this.tohash)* NUMBEROFBIT,"@0")
  retour=""
  retour=retour+CHR(EVALUATE("0x"+SUBSTR(decalage,9,2)))
  retour=retour+CHR(EVALUATE("0x"+SUBSTR(decalage,7,2)))
  retour=retour+CHR(EVALUATE("0x"+SUBSTR(decalage,5,2)))
  retour=retour+CHR(EVALUATE("0x"+SUBSTR(decalage,3,2)))
  retour=retour+REPLICATE(CHR(0),4)
RETURN RETOUR


PROCEDURE MD5_F
LPARAMETERS x,y,z
RETURN BITOR(BITAND(X,Y),BITAND(BITNOT(X),Z))

PROCEDURE MD5_G
LPARAMETERS x,y,z
RETURN BITOR(BITAND(X,Z),BITAND(Y,BITNOT(Z)))

PROCEDURE MD5_H
LPARAMETERS x,y,z
RETURN BITXOR(X,Y,Z)

PROCEDURE MD5_I
LPARAMETERS x,y,z
RETURN BITXOR(Y,BITOR(X,BITNOT(Z)))

PROCEDURE ROTATE_LEFT
LPARAMETERS pivot, npivot
RETURN BITOR(BITLSHIFT(pivot,npivot),BITRSHIFT(pivot,32-Npivot))

procedure ronde1
LPARAMETERS PA,PB,PC,PD,PE,PF,PG
RETURN PB+this.ROTATE_LEFT(PA+this.MD5_F(PB,PC,PD)+PE+PG,PF)

procedure ronde2
LPARAMETERS PA,PB,PC,PD,PE,PF,PG
RETURN PB+this.ROTATE_LEFT(PA+this.MD5_G(PB,PC,PD)+PE+PG,PF)

PROCEDURE ronde3
LPARAMETERS PA,PB,PC,PD,PE,PF,PG
RETURN PB+this.ROTATE_LEFT(PA+this.MD5_H(PB,PC,PD)+PE+PG,PF)

PROCEDURE ronde4
LPARAMETERS PA,PB,PC,PD,PE,PF,PG
RETURN PB+this.ROTATE_LEFT(PA+this.MD5_I(PB,PC,PD)+PE+PG,PF)

PROCEDURE compute
  LOCAL tocompute,CPT_I,CPT_J,CPT_L,TMP_STRING,AA,BB,CC,DD,a,b,c,d,aa,bb,cc,dd
  A=BITAND(0x67452301,0xFFFFFFFF)
  B=BITAND(0xEFCDAB89,0xFFFFFFFF)
  C=BITAND(0x98BADCFE,0xFFFFFFFF)
  D=BITAND(0x10325476,0xFFFFFFFF)

  DIMENSION T_X(16)
  tocompute=this.tohash+this.bourre()+this.acompleter()
  lentocompute=LEN(tocompute)/64
  OldA=A
  OldB=B
  OldC=C
  OldD=D
  FOR CPT_I=0 TO lentocompute-1
    FOR CPT_J=0 TO 15
      T_X(CPT_J+1)=""
      T_X(CPT_J+1)=T_X(CPT_J+1)+RIGHT(TRANSFORM(ASC(SUBSTR(tocompute,(CPT_I*64)+(CPT_J*4)+4,1)),"@0"),2)
      T_X(CPT_J+1)=T_X(CPT_J+1)+RIGHT(TRANSFORM(ASC(SUBSTR(tocompute,(CPT_I*64)+(CPT_J*4)+3,1)),"@0"),2)
      T_X(CPT_J+1)=T_X(CPT_J+1)+RIGHT(TRANSFORM(ASC(SUBSTR(tocompute,(CPT_I*64)+(CPT_J*4)+2,1)),"@0"),2)
      T_X(CPT_J+1)=T_X(CPT_J+1)+RIGHT(TRANSFORM(ASC(SUBSTR(tocompute,(CPT_I*64)+(CPT_J*4)+1,1)),"@0"),2)

      T_X(CPT_J+1)=BITAND(EVALUATE("0x"+T_X(CPT_J+1)),0xFFFFFFFF) && CAST
      *? TRANSFORM(T_X(CPT_J+1),"@0")
      *?
    ENDFOR

    OldA=A
    OldB=B
    OldC=C
    OldD=D

    && Ronde1
    a=this.ronde1(a,b,c,d,T_X( 1), 7,this.sinusarray( 1))
    d=this.ronde1(d,a,b,c,T_X( 2),12,this.sinusarray( 2))
    c=this.ronde1(c,d,a,b,T_X( 3),17,this.sinusarray( 3))
    b=this.ronde1(b,c,d,a,T_X( 4),22,this.sinusarray( 4))

    a=this.ronde1(a,b,c,d,T_X( 5), 7,this.sinusarray( 5))
    d=this.ronde1(d,a,b,c,T_X( 6),12,this.sinusarray( 6))
    c=this.ronde1(c,d,a,b,T_X( 7),17,this.sinusarray( 7))
    b=this.ronde1(b,c,d,a,T_X( 8),22,this.sinusarray( 8))

    a=this.ronde1(a,b,c,d,T_X( 9), 7,this.sinusarray( 9))
    d=this.ronde1(d,a,b,c,T_X(10),12,this.sinusarray(10))
    c=this.ronde1(c,d,a,b,T_X(11),17,this.sinusarray(11))
    b=this.ronde1(b,c,d,a,T_X(12),22,this.sinusarray(12))

    a=this.ronde1(a,b,c,d,T_X(13), 7,this.sinusarray(13))
    d=this.ronde1(d,a,b,c,T_X(14),12,this.sinusarray(14))
    c=this.ronde1(c,d,a,b,T_X(15),17,this.sinusarray(15))
    b=this.ronde1(b,c,d,a,T_X(16),22,this.sinusarray(16))
    && ronde 2
    a=this.ronde2(a,b,c,d,T_X( 2), 5,this.sinusarray(17))
    d=this.ronde2(d,a,b,c,T_X( 7), 9,this.sinusarray(18))
    c=this.ronde2(c,d,a,b,T_X(12),14,this.sinusarray(19))
    b=this.ronde2(b,c,d,a,T_X( 1),20,this.sinusarray(20))

    a=this.ronde2(a,b,c,d,T_X( 6), 5,this.sinusarray(21))
    d=this.ronde2(d,a,b,c,T_X(11), 9,this.sinusarray(22))
    c=this.ronde2(c,d,a,b,T_X(16),14,this.sinusarray(23))
    b=this.ronde2(b,c,d,a,T_X( 5),20,this.sinusarray(24))

    a=this.ronde2(a,b,c,d,T_X(10), 5,this.sinusarray(25))
    d=this.ronde2(d,a,b,c,T_X(15), 9,this.sinusarray(26))
    c=this.ronde2(c,d,a,b,T_X( 4),14,this.sinusarray(27))
    b=this.ronde2(b,c,d,a,T_X( 9),20,this.sinusarray(28))

    a=this.ronde2(a,b,c,d,T_X(14), 5,this.sinusarray(29))
    d=this.ronde2(d,a,b,c,T_X( 3), 9,this.sinusarray(30))
    c=this.ronde2(c,d,a,b,T_X( 8),14,this.sinusarray(31))
    b=this.ronde2(b,c,d,a,T_X(13),20,this.sinusarray(32))

    && ronde 3
    a=this.ronde3(a,b,c,d,T_X( 6), 4,this.sinusarray(33))
    d=this.ronde3(d,a,b,c,T_X( 9),11,this.sinusarray(34))
    c=this.ronde3(c,d,a,b,T_X(12),16,this.sinusarray(35))
    b=this.ronde3(b,c,d,a,T_X(15),23,this.sinusarray(36))

    a=this.ronde3(a,b,c,d,T_X( 2), 4,this.sinusarray(37))
    d=this.ronde3(d,a,b,c,T_X( 5),11,this.sinusarray(38))
    c=this.ronde3(c,d,a,b,T_X( 8),16,this.sinusarray(39))
    b=this.ronde3(b,c,d,a,T_X(11),23,this.sinusarray(40))

    a=this.ronde3(a,b,c,d,T_X(14), 4,this.sinusarray(41))
    d=this.ronde3(d,a,b,c,T_X( 1),11,this.sinusarray(42))
    c=this.ronde3(c,d,a,b,T_X( 4),16,this.sinusarray(43))
    b=this.ronde3(b,c,d,a,T_X( 7),23,this.sinusarray(44))

    a=this.ronde3(a,b,c,d,T_X(10), 4,this.sinusarray(45))
    d=this.ronde3(d,a,b,c,T_X(13),11,this.sinusarray(46))
    c=this.ronde3(c,d,a,b,T_X(16),16,this.sinusarray(47))
    b=this.ronde3(b,c,d,a,T_X( 3),23,this.sinusarray(48))

    && ronde 4
    a=this.ronde4(a,b,c,d,T_X( 1), 6,this.sinusarray(49))
    d=this.ronde4(d,a,b,c,T_X( 8),10,this.sinusarray(50))
    c=this.ronde4(c,d,a,b,T_X(15),15,this.sinusarray(51))
    b=this.ronde4(b,c,d,a,T_X( 6),21,this.sinusarray(52))

    a=this.ronde4(a,b,c,d,T_X(13), 6,this.sinusarray(53))
    d=this.ronde4(d,a,b,c,T_X( 4),10,this.sinusarray(54))
    c=this.ronde4(c,d,a,b,T_X(11),15,this.sinusarray(55))
    b=this.ronde4(b,c,d,a,T_X( 2),21,this.sinusarray(56))

    a=this.ronde4(a,b,c,d,T_X( 9), 6,this.sinusarray(57))
    d=this.ronde4(d,a,b,c,T_X(16),10,this.sinusarray(58))
    c=this.ronde4(c,d,a,b,T_X( 7),15,this.sinusarray(59))
    b=this.ronde4(b,c,d,a,T_X(14),21,this.sinusarray(60))

    a=this.ronde4(a,b,c,d,T_X( 5), 6,this.sinusarray(61))
    d=this.ronde4(d,a,b,c,T_X(12),10,this.sinusarray(62))
    c=this.ronde4(c,d,a,b,T_X( 3),15,this.sinusarray(63))
    b=this.ronde4(b,c,d,a,T_X(10),21,this.sinusarray(64))

	&&-- this was wrong, as lead to numeric overfolow when
	&&-- string tocompute is larger than 2KB
*!*	    a=a+olda
*!*	    b=b+oldb
*!*	    c=c+oldC
*!*	    d=d+oldd
	&&-- now it's OK
    a=bitand(a+olda,0xFFFFFFFF)  &&-- cut to 32bit unsigned integer
    b=bitand(b+oldb,0xFFFFFFFF)
    c=bitand(c+oldC,0xFFFFFFFF)
    d=bitand(d+oldd,0xFFFFFFFF)
  ENDFOR
  a=TRANSFORM(BITAND(a,0xFFFFFFFF),"@0") && cast
  b=TRANSFORM(BITAND(b,0xFFFFFFFF),"@0") && cast
  c=TRANSFORM(BITAND(c,0xFFFFFFFF),"@0") && cast
  d=TRANSFORM(BITAND(d,0xFFFFFFFF),"@0") && cast
  a=SUBSTR(a,9,2)+SUBSTR(a,7,2)+SUBSTR(a,5,2)+SUBSTR(a,3,2)
  b=SUBSTR(b,9,2)+SUBSTR(b,7,2)+SUBSTR(b,5,2)+SUBSTR(b,3,2)
  c=SUBSTR(c,9,2)+SUBSTR(c,7,2)+SUBSTR(c,5,2)+SUBSTR(c,3,2)
  d=SUBSTR(d,9,2)+SUBSTR(d,7,2)+SUBSTR(d,5,2)+SUBSTR(d,3,2)

RETURN a+b+c+d

PROCEDURE testsuite
&& return true if all the reference value are true
  LOCAL test
  test=.T.
  this.tohash=""
  IF LOWER(this.compute())#"d41d8cd98f00b204e9800998ecf8427e"
    RETURN this.tohash
  ENDIF
  this.tohash="a"
  IF LOWER(this.compute())#"0cc175b9c0f1b6a831c399e269772661"
    RETURN this.tohash
  ENDIF
  this.tohash="abc"
  IF LOWER(this.compute())#"900150983cd24fb0d6963f7d28e17f72"
    RETURN this.tohash
  ENDIF
  this.tohash="message digest"
  IF LOWER(this.compute())#"f96b697d7cb7938d525a2f31aaf161d0"
    RETURN this.tohash
  ENDIF
  this.tohash="abcdefghijklmnopqrstuvwxyz"
  IF LOWER(this.compute())#"c3fcd3d76192e4007dfb496cca67e13b"
    RETURN this.tohash
  ENDIF
  this.tohash="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
  IF LOWER(this.compute())#"d174ab98d277d9f5a5611c2c9f419d9f"
    RETURN this.tohash
  ENDIF
  this.tohash="12345678901234567890123456789012345678901234567890123456789012345678901234567890"
  IF LOWER(this.compute())#"57edf4a22be3c955ac49da2e2107b67a"
    RETURN this.tohash
  ENDIF
  RETURN test

ENDDEFINE

and the super easy but less secure way

Code:

<?php
$string = 'something';
$salt = 's+(_a*';
$hash = md5($string.$salt);
?>

another example of the same thing

Code:

String password = "mypassword";
String salt = "Random$SaltValue#WithSpecialCharacters12@$@4&#%^$*";
String hash = md5(password + salt);

[PowerChaos]

if i am not wrong
there is only 1 md5 algorytme that works for eo to login
exept if you change the algorytme also in the account server/login screen

Greetings From PowerChaos

[idlemonkey]

Quote:

Originally Posted by hio77

that script has been around well well before the revo database fyi.
slightly changed html around it, but the salted MD5 (the bit that actually matters) is the same.

yeh so true though heh

Quote:

Originally Posted by PowerChaos

if i am not wrong
there is only 1 md5 algorytme that works for eo to login
exept if you change the algorytme also in the account server/login screen

Greetings From PowerChaos

well yes of course you have to change some things to make new things work

[hio77]

Never actually made the connection that it was ripped directly from tq.

Would have assumed they would have attempted to change it a little at this point.

IIRC there is a thread about changing the salt, but it's not an easy task.

End of the day, your better off working on packet encryption before changing salts which should be behind a secured firewall.

[idlemonkey]

Quote:

Originally Posted by hio77

End of the day, your better off working on packet encryption before changing salts which should be behind a secured firewall.

heh yeh just pointing out that it 'could' be done not that it needs to
and yes securing your server is the first priority as they would have to get past that to get to the database to begin with
packet encryption is an even more daunting task than hash codes for most people though lol
first they would have to learn what packets are and how theyre used to be able to even start

[hio77]

Considering if you can't even set your firewall correctly, and set MySQL up to survive twats trying to "hack" you, a server alone should be the backburner really.

Call it harsh, but I strongly believe server owners should have a sound knowledge of what I'd happening in the background.

How does one correctly diagnose a fault if they don't know what they are talking about?

This is the extent you should be at if your looking to change hashes.

But once again, if your ay the stage of doing that, one would hope it's not just a stopgap mesure to insecurity.

[PowerChaos]

Quote:

Originally Posted by hio77

Never actually made the connection that it was ripped directly from tq.

Would have assumed they would have attempted to change it a little at this point.

IIRC there is a thread about changing the salt, but it's not an easy task.

End of the day, your better off working on packet encryption before changing salts which should be behind a secured firewall.

why would TQ change there md5 hash in first place ?
any idea how mutch updates they need to perform to change all the md5 passwords to "new" passwords ?
and if i am not wrong , they dit it before ( reason why a lot of accounts where logged in into some one else account -> caused a rollback of the db )

then for package encryption
unless you know where it is used for is it useless to apply them (every noob can sniff out packages those days with wireshark or backtrack ? )

also some things are just overrated , they look like they can generate a appocalypse but in reality is it a differend story
reason of encryption ? to prevent data theft if they get the db , not to prevent hackers from guessing your pass ( as md5 can not be reversed so it is still a safe way of encryption)

so if you do packet sniffing and get the return value's , you are still missing the real hash/pass from the package as it just return 1 or 0

so what reason do they have then to change there system ? or to change the md5 algorithm when it provide more trouble then it is worth

also for security , it depends who is in charge of the security and about what layer you are talking

firewall and client side stuff is for the client , but there are a lot more things behind that part that clients does not know about
so you can not blame the client if they do not have those knowledge (like ADDC , only who use it knows what it can do -> vps providers for example )

eather way , to stay on topic
if he want a easy solution then use my script on
he only need to fix the small bug in it , solution is here on the forum ( i still dit not got time to fix it , easy fix , just replace a variable to a other file )

Greetings From PowerChaos

[hio77]

What I meant by my coments is I'm surprised tq still process the md5 on the clients side.

When talking firewalls and security, I'm talking application level settings in MySQL (hostmark ip limiting, access limitations. ) and at layer 4, in terms of limiting the port being open to anymore addresses than needed.

I like to keep my position in datacenters and hosting seperate from wo threads myself. Generally you end up getting too technical otherwise.

By no part was I suggesting the user should be imposing limitations outside of their reach.

My expectations with packets come down to, by the point of understanding packets, you really do learn an underlining for how the system works in full.

Maybe my points slightly missed their mark - using phone right now and can't really reread post. But you got the wrong end of what I was getting at...

[idlemonkey]

Quote:

Originally Posted by hio77

Considering if you can't even set your firewall correctly, and set MySQL up to survive twats trying to "hack" you, a server alone should be the backburner really.

Call it harsh, but I strongly believe server owners should have a sound knowledge of what I'd happening in the background.

How does one correctly diagnose a fault if they don't know what they are talking about?

This is the extent you should be at if your looking to change hashes.

But once again, if your at the stage of doing that, one would hope it's not just a stopgap mesure to insecurity.

lol an outside threat is one thing and yeh its not likely that people will get your stuff from the outside
but password hashes and local permissions etc are important as well to keep the people you work with honest although I doubt many would have the knowledge to decrypt them a few around here might though

Quote:

Originally Posted by hio77

What I meant by my coments is I'm surprised tq still process the md5 on the clients side.

When talking firewalls and security, I'm talking application level settings in MySQL (hostmark ip limiting, access limitations. ) and at layer 4, in terms of limiting the port being open to anymore addresses than needed.

I like to keep my position in datacenters and hosting seperate from wo threads myself. Generally you end up getting too technical otherwise.

By no part was I suggesting the user should be imposing limitations outside of their reach.

My expectations with packets come down to, by the point of understanding packets, you really do learn an underlining for how the system works in full.

Maybe my points slightly missed their mark - using phone right now and can't really reread post. But you got the wrong end of what I was getting at...

yeh this thread is getting rather technical and off topic isnt it lol