|
You last visited: Today at 01:40
Advertisement
[Release] UltimateWar - WarRock Private Server
Discussion on [Release] UltimateWar - WarRock Private Server within the WarRock forum part of the Shooter category.
09/03/2015, 10:13
|
#166
|
elite*gold: 0 
Join Date: Aug 2012
Posts: 53
Received Thanks: 7
|
Quote:
Originally Posted by ✔Star✔
Thanks for your feedback, it's on our list.
We will reply to the topic when we switched over to password encryption.
|
So they not done it yet...and i wonder when...
I don't think they know how make a phpkeygen for encrypt the actual passwords.
|
|
|
|
09/03/2015, 11:33
|
#167
|
elite*gold: 158
Join Date: Sep 2011
Posts: 878
Received Thanks: 2,493
|
Quote:
Originally Posted by *Last*
So they not done it yet...and i wonder when...
I don't think they know how make a phpkeygen for encrypt the actual passwords.
|
phpkeygen? wtf.
The only thing they need to do is the generation of a random string (find on google in 5sec) and add 2 more database fields (hash,salt).
salt will be set to the random string and hash will be sha(sha(salt).sha(password)) for example.
Then the password validation needs to be changed to
$valid_user = sha(sha($db_row['salt']).sha($input_password)) == $db_row['hash'];
|
|
|
|
|
09/03/2015, 12:05
|
#168
|
elite*gold: 30
Join Date: May 2013
Posts: 1,546
Received Thanks: 2,597
|
i can give NSA Encryption AKA AES 5012 with 5012 key encrypition very strong and strong est password.
|
|
|
|
|
09/03/2015, 12:20
|
#169
|
elite*gold: 0
Join Date: Aug 2012
Posts: 53
Received Thanks: 7
|
Quote:
Originally Posted by Cyno™
phpkeygen? wtf.
The only thing they need to do is the generation of a random string (find on google in 5sec) and add 2 more database fields (hash,salt).
salt will be set to the random string and hash will be sha(sha(salt).sha(password)) for example.
Then the password validation needs to be changed to
$valid_user = sha(sha($db_row['salt']).sha($input_password)) == $db_row['hash'];
|
you stupid as ever, how you call a php that from a string generate a hash key? i call it keygen but you can call it how you like for do the big mouth.
These days kids...
|
|
|
|
|
09/03/2015, 12:28
|
#170
|
elite*gold: 30
Join Date: May 2013
Posts: 1,546
Received Thanks: 2,597
|
Quote:
Originally Posted by Cyno™
phpkeygen? wtf.
The only thing they need to do is the generation of a random string (find on google in 5sec) and add 2 more database fields (hash,salt).
salt will be set to the random string and hash will be sha(sha(salt).sha(password)) for example.
Then the password validation needs to be changed to
$valid_user = sha(sha($db_row['salt']).sha($input_password)) == $db_row['hash'];
|
Hello Frankly ...
how are you long time didn't see you on battle. what happen ? where Kozboh ?
|
|
|
|
|
09/03/2015, 14:52
|
#171
|
elite*gold: 32
Join Date: Dec 2009
Posts: 937
Received Thanks: 1,307
|
Quote:
Originally Posted by GHTheBoss
Hello Frankly ...
how are you long time didn't see you on battle. what happen ? where Kozboh ?
|
He's with me, sexy time and stuff.
|
|
|
|
|
09/03/2015, 19:42
|
#172
|
elite*gold: 0
Join Date: Jul 2013
Posts: 274
Received Thanks: 186
|
Store password upon registration
PHP Code:
<?php
$password = "abc";
$secure_password = password_hash($password, PASSWORD_DEFAULT);
//store $secure_password in database
?>
Check password matching
PHP Code:
<?php
//check
$password = "abc";
//retrieve password hash for user
$password_hash = '$2y$10$I/ZI7e0xB9F4DVbDH6mTBOH7kwdCxUZnxa4EE2E6Ng78zphjLAIRq';
if(password_verify($password, $password_hash))
{
//password correct, user logged in
}
1 minute of work to have secure passwords. salting and crypting taken care of.
NP
|
|
|
|
|
09/03/2015, 22:09
|
#173
|
elite*gold: 0
Join Date: Aug 2012
Posts: 53
Received Thanks: 7
|
Quote:
Originally Posted by wa-sta
Store password upon registration
PHP Code:
<?php
$password = "abc";
$secure_password = password_hash($password, PASSWORD_DEFAULT);
//store $secure_password in database
?>
Check password matching
PHP Code:
<?php
//check
$password = "abc";
//retrieve password hash for user
$password_hash = '$2y$10$I/ZI7e0xB9F4DVbDH6mTBOH7kwdCxUZnxa4EE2E6Ng78zphjLAIRq';
if(password_verify($password, $password_hash))
{
//password correct, user logged in
}
1 minute of work to have secure passwords. salting and crypting taken care of.
NP |
That code require a form or a edit for every account, better a one-go code.
Access to db with a loop for read every row and into the loop the hash the string and replace into db.
|
|
|
|
|
09/03/2015, 23:48
|
#174
|
elite*gold: 0
Join Date: May 2015
Posts: 58
Received Thanks: 6
|
Server offline?
|
|
|
|
|
09/03/2015, 23:56
|
#175
|
elite*gold: 31
Join Date: Jul 2014
Posts: 660
Received Thanks: 299
|
Quote:
Originally Posted by *Last*
That code require a form or a edit for every account, better a one-go code.
Access to db with a loop for read every row and into the loop the hash the string and replace into db.
|
You may do hash = sha1(sha1($password) . sha1(sha1($username) . sha1($salt)));
|
|
|
|
|
09/04/2015, 00:49
|
#176
|
elite*gold: 0
Join Date: Aug 2012
Posts: 53
Received Thanks: 7
|
Quote:
Originally Posted by toxiicdev
You may do hash = sha1(sha1($password) . sha1(sha1($username) . sha1($salt)));
|
if they cant do the simple code (that default in public files) u think they can add username in the hashing code (php+c#)? 
|
|
|
|
|
09/04/2015, 06:32
|
#177
|
elite*gold: 0
Join Date: Jul 2010
Posts: 748
Received Thanks: 569
|
Quote:
Originally Posted by toxiicdev
You may do hash = sha1(sha1($password) . sha1(sha1($username) . sha1($salt)));
|
Don't over hash, the next code is good enougn.
Code:
sha1( sha1($password) . sha1($salt) )
Al tough I recommend using wa-sta's method since it uses bcrypt which is more secure then sha1.
Keep in mind that bcrypt generates a string of 60 characters, a salt is included so you don't have to worry about it. You can store this in your table under the column password without needing to add an extra salt column, just keep in mind that you put the size to at least 60 or else you might truncate date. It's recommended to use a size of 255 for future expansion (which is mentioned in the PHP documentation).
You can use bcrypt.net (found  ) to validate it inside your emulator.
Enjoy, here is some free advice now do something with it.
|
|
|
|
|
09/04/2015, 12:16
|
#178
|
elite*gold: 31
Join Date: Jul 2014
Posts: 660
Received Thanks: 299
|
Quote:
Originally Posted by Sleutel
Don't over hash, the next code is good enougn.
Code:
sha1( sha1($password) . sha1($salt) )
Al tough I recommend using wa-sta's method since it uses bcrypt which is more secure then sha1.
Keep in mind that bcrypt generates a string of 60 characters, a salt is included so you don't have to worry about it. You can store this in your table under the column password without needing to add an extra salt column, just keep in mind that you put the size to at least 60 or else you might truncate date. It's recommended to use a size of 255 for future expansion (which is mentioned in the PHP documentation).
You can use bcrypt.net (found ) to validate it inside your emulator.
Enjoy, here is some free advice now do something with it. |
Not overcrypted though, but creating an own way will sure be more safe than use a generic one, so if your database might be broken, well, if don't use generic way it will be very impossible to descramble the password
|
|
|
|
|
09/04/2015, 13:21
|
#179
|
elite*gold: 0
Join Date: Aug 2012
Posts: 53
Received Thanks: 7
|
Quote:
Originally Posted by toxiicdev
Not overcrypted though, but creating an own way will sure be more safe than use a generic one, so if your database might be broken, well, if don't use generic way it will be very impossible to descramble the password
|
But also kept in mind that this is not a NASA project...who will spend months/years for decrypt a password? (except for the lifeless cyno)
|
|
|
|
|
09/04/2015, 15:17
|
#180
|
elite*gold: 0
Join Date: Jul 2012
Posts: 1,036
Received Thanks: 328
|
To the spammer here.
Can you prefer mutually your Wall spot than this issue?
It's all just spam.
You go a really nerve-sparing on the ..
Quote:
Originally Posted by Crystalize™
Server offline?
|
No, Online. Im playing it to 
|
|
|
|
Similar Threads
|
UltimateWar - Private Server - Beta
06/13/2013 - WarRock - 10 Replies
We are serach for 4 testers for UltimateWar server.
The testers will get level 50, 90d gold and 30K Cash.
Want ? send me a private massage.
|
All times are GMT +1. The time now is 01:42.
|
|
![[Release] UltimateWar - WarRock Private Server](https://www.elitepvpers.com/forum/iconimages/warrock/release-ultimatewar-warrock-private-server_ltr.gif){kind=small}
