
PW encryption / hashing

 
Old   #1
 
elite*gold: 0
Join Date: Sep 2011
Posts: 21
Received Thanks: 48
PW encryption / hashing

Is anyone here working on password encryption for the users_master table?
I just want to make sure I'm not duplicating effort.
I seem to only be able to find bits and pieces about it with the search function.
player1up is offline  
Old 05/04/2012, 22:00   #2
 
JohnHeatz's Avatar
 
elite*gold: 150
Join Date: Apr 2010
Posts: 9,739
Received Thanks: 8,981
I don't think there is anyone actively working on it, and if there is, I don't know about it.

Now, as this is not a release...

#Moved to the right section
JohnHeatz is offline  
Thanks
2 Users
Old 05/05/2012, 12:55   #3
 
elite*gold: 0
Join Date: Jan 2011
Posts: 197
Received Thanks: 75
I think I've read about it somewhere in here... but I don't remember where and who did it >.<

I think it was either abrasive's or EarthCrush's release, but I'm not sure about that.

Edit: Found it!
DotG is offline  
Thanks
2 Users
Old 05/07/2012, 19:32   #4
 
elite*gold: 0
Join Date: Sep 2011
Posts: 21
Received Thanks: 48
Ugh! Thanks for the move, John. I've got a lot of stuff going on and brain.exe must be set to low priority. Also, could you add the how-to password hashing link to the index?



And thanks to DotG. I posted and, being the OCD person I am, I decided to jump headlong into it on my own. I did get the pwd's encrypted on my own and recreated the process to replicate this on the "prod" db server. However, I did it using certificates and symmetric keys; almost the same end result, though.

I say almost because I added a column to the users_master table to hold the new encrypted pw, modified the game login sp, set the new column to the encrypted value of the pw column and then nulled the pw column...all so users that were currently logged in wouldn't be affected by the change and their "pw" would remain the same.

And to everyone else: please hash/encrypt your users' passwords.
player1up is offline  
Old 05/09/2012, 00:23   #5
 
ShaiyaOmega's Avatar
 
elite*gold: 0
Join Date: Jan 2011
Posts: 238
Received Thanks: 901
I did this by sending registration data to a stored procedure.
Code:
--Procedure: dbo.Create_Shaiya_Account

/* DROP PROCEDURE dbo.Create_Shaiya_Account
GO */

CREATE PROCEDURE dbo.Create_Shaiya_Account
@UserID varchar(18), 
@Pw varchar(18), 
@Administrator tinyint = 0
AS
SET NOCOUNT ON

DECLARE @username VARCHAR(18);
DECLARE @password VARCHAR(50);
DECLARE @admin TINYINT;
DECLARE @salt VARBINARY(40);
DECLARE @hash VARBINARY(40);

SET @username = @UserID;
SET @password = @Pw;
SET @admin = @Administrator;
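-- Salt: a random INT taken from RAND(), stored as 4 bytes
SET @salt = CONVERT(VARBINARY,CAST(RAND() * 1000000000 AS INT));
-- Hash: SHA1 over the salt bytes (reinterpreted as VARCHAR) followed by the password
SET @hash = CONVERT(VARBINARY,HASHBYTES('SHA1',CONVERT(VARCHAR,@salt) + @password));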

-- Add admin user
IF(@admin = 1)
BEGIN
 INSERT INTO [PS_userdata].[dbo].[Users_Master]
 ([UserID],[Pw],[Admin],[AdminLevel],[Leave],[Status],[UserType],[Salt],[CreatedDate])
 VALUES(@username,@hash,1,255,0,16,'A',@salt,GETDATE());
END
-- Add regular user
ELSE IF(@admin = 0)
BEGIN
 INSERT INTO [PS_userdata].[dbo].[Users_Master]
 ([UserID],[Pw],[Admin],[AdminLevel],[Leave],[Status],[UserType],[Salt],[CreatedDate])
 VALUES(@username,@hash,0,0,0,0,'N',@salt,GETDATE());
END

SELECT
 [UserUID],
 [Status],
 [Leave]
FROM Users_Master AS UM
WHERE UM.UserID = @username
 AND UM.Pw = CONVERT(VARBINARY,HASHBYTES('SHA1',CONVERT(VARCHAR,UM.Salt) + @password));

 INSERT INTO [PS_GameData].[dbo].[UserMaxGrow]
 ([ServerID],[UserUID],[Country],[MaxGrow],[Del])
 VALUES(1,(SELECT UserUID FROM [PS_UserData].[dbo].[Users_Master] WHERE UserID = @username),2,3,0)

SET NOCOUNT OFF
GO

EXEC sp_addextendedproperty
  N'MS_Description', N'Username',
  N'SCHEMA', N'dbo',
  N'PROCEDURE', N'Create_Shaiya_Account',
  N'PARAMETER', N'@UserID'
GO

EXEC sp_addextendedproperty
  N'MS_Description', N'Password',
  N'SCHEMA', N'dbo',
  N'PROCEDURE', N'Create_Shaiya_Account',
  N'PARAMETER', N'@Pw'
GO

EXEC sp_addextendedproperty
  N'MS_Description', N'User Is Admin 1 for Yes 0 for No',
  N'SCHEMA', N'dbo',
  N'PROCEDURE', N'Create_Shaiya_Account',
  N'PARAMETER', N'@Administrator'
GO
This works pretty well for creating accounts.

For the login I use this.

Code:
--Procedure: dbo.usp_Try_GameLogin_R

/* DROP PROCEDURE dbo.usp_Try_GameLogin_R
GO */

CREATE PROCEDURE dbo.usp_Try_GameLogin_R
@UserID varchar(18), 
@InPassword varchar(32), 
@SessionID bigint, 
@UserIP varchar(15), 
@UserUID int = 0, 
@LoginType smallint = 1, 
@LoginTime datetime = NULL
AS

SET NOCOUNT ON

DECLARE 

@Leave TINYINT,
@Status SMALLINT,
@TempIP VARCHAR(15),
@Check INT

SET @Status = -1
SET @LoginTime = GETDATE()
SET @UserIP = LTRIM(RTRIM(@UserIP))
--------------------------------------------------

SELECT
 @UserUID=[UserUID],
 @Status=[Status],
 @Leave=[Leave]
FROM Users_Master AS UM
WHERE UM.UserID = @UserID
 AND UM.Pw = CONVERT(VARBINARY,HASHBYTES('SHA1',CONVERT(VARCHAR,UM.Salt) + @InPassword));

-- No account or incorrect username and password
IF(@@ROWCOUNT = 0)
BEGIN
 SET @Status = 1
END
-- User already logged in
ELSE IF( @Leave = 1 )
BEGIN
 SET @Status = -7
END

-- BlockUser Check
IF( (@Status >= 2) AND (@Status <= 6) )
BEGIN
 -- Get Block Limit Date AND Replace date text
 DECLARE @BlockEndDate datetime
 SELECT @BlockEndDate = BlockEndDate FROM Users_Block WHERE UserUID = @UserUID
 IF ( @@ROWCOUNT <> 0 )
 BEGIN
  -- Block Release
  IF ( @BlockEndDate <= @LoginTime )
  BEGIN
   SET @Status = 0
   UPDATE Users_Master SET Status = @Status WHERE UserUID = @UserUID
  END
 END
END

-- Select 
SELECT @Status AS Status, @UserUID AS UserUID

-- Log Insert
IF( @Status = 0 OR @Status = 16 OR @Status = 32 OR @Status = 48 OR @Status = 64 OR @Status = 80 )
BEGIN
 EXEC usp_Insert_LoginLog_E @SessionID=@SessionID, @UserUID=@UserUID, @UserIP=@UserIP, @LogType=0, @LogTime=@LoginTime, @LoginType=@LoginType
END 
SET NOCOUNT OFF
GO
NOTE: Some of the procedures might be different or differently named on your server, as I have extensively edited mine. For example, the dbo.usp_Try_GameLogin_R of mine used to be Try_GameLogin_taiwan or something, so I edited it in the exe files to point to the proper SP.

Thanks to abrasive for the original idea.
ShaiyaOmega is offline  
Thanks
1 User
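
Added example, not code from any poster in this thread: the same salt-then-hash flow as the procedures above, with a 16-byte salt from `CRYPT_GEN_RANDOM` and an iterated SHA2_512 in place of the `RAND()`-derived salt and single SHA1 pass. It is a simple stretching loop, not PBKDF2 or bcrypt, which T-SQL does not provide built in. Assumptions: `dbo.fn_PwHash`, `dbo.Demo_Users`, the iteration count and the sample credentials are hypothetical, and `SHA2_512` needs SQL Server 2012 or later.

```sql
-- Added example; every object name below is hypothetical, not from the thread.
-- Requires SQL Server 2012+ for SHA2_512.
CREATE FUNCTION dbo.fn_PwHash
(
    @Salt       VARBINARY(16),
    @Password   VARCHAR(32),
    @Iterations INT
)
RETURNS VARBINARY(64)
AS
BEGIN
    -- Round 1 binds the per-user salt to the password bytes.
    DECLARE @h VARBINARY(64) =
        HASHBYTES('SHA2_512', @Salt + CONVERT(VARBINARY(32), @Password));
    DECLARE @i INT = 1;
    -- Stretching: every extra round raises the cost of each offline guess.
    WHILE @i < @Iterations
    BEGIN
        SET @h = HASHBYTES('SHA2_512', @h + @Salt);
        SET @i += 1;
    END
    RETURN @h;
END
GO

CREATE TABLE dbo.Demo_Users
(
    UserID VARCHAR(18)   NOT NULL PRIMARY KEY,
    Salt   VARBINARY(16) NOT NULL,
    PwHash VARBINARY(64) NOT NULL,
    Iter   INT           NOT NULL  -- kept per row so the count can be raised later
);
GO

-- Registration with constructed sample credentials.
DECLARE @salt VARBINARY(16) = CRYPT_GEN_RANDOM(16);  -- cryptographic RNG, one salt per account
INSERT INTO dbo.Demo_Users (UserID, Salt, PwHash, Iter)
VALUES ('demo_user', @salt, dbo.fn_PwHash(@salt, 'constructed-pw-1', 20000), 20000);

-- Login check: recompute from the stored salt and iteration count.
DECLARE @attempt VARCHAR(32) = 'constructed-pw-1';
SELECT UserID,
       CASE WHEN PwHash = dbo.fn_PwHash(Salt, @attempt, Iter)
            THEN 1 ELSE 0 END AS PasswordOk
FROM dbo.Demo_Users
WHERE UserID = 'demo_user';
```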