So they not done it yet...and i wonder when...
I don't think they know how make a phpkeygen for encrypt the actual passwords.
phpkeygen? wtf.
The only thing they need to do is the generation of a random string (find on google in 5sec) and add 2 more database fields (hash,salt).
salt will be set to the random string and hash will be sha(sha(salt).sha(password)) for example.
Then the password validation needs to be changed to
phpkeygen? wtf.
The only thing they need to do is the generation of a random string (find on google in 5sec) and add 2 more database fields (hash,salt).
salt will be set to the random string and hash will be sha(sha(salt).sha(password)) for example.
Then the password validation needs to be changed to
you stupid as ever, how you call a php that from a string generate a hash key? i call it keygen but you can call it how you like for do the big mouth.
These days kids...
phpkeygen? wtf.
The only thing they need to do is the generation of a random string (find on google in 5sec) and add 2 more database fields (hash,salt).
salt will be set to the random string and hash will be sha(sha(salt).sha(password)) for example.
Then the password validation needs to be changed to
//retrieve password hash for user
$password_hash = '$2y$10$I/ZI7e0xB9F4DVbDH6mTBOH7kwdCxUZnxa4EE2E6Ng78zphjLAIRq';
if(password_verify($password, $password_hash))
{
//password correct, user logged in
}
1 minute of work to have secure passwords. salting and crypting taken care of.
NP
That code require a form or a edit for every account, better a one-go code.
Access to db with a loop for read every row and into the loop the hash the string and replace into db.
That code require a form or a edit for every account, better a one-go code.
Access to db with a loop for read every row and into the loop the hash the string and replace into db.
You may do hash = sha1(sha1($password) . sha1(sha1($username) . sha1($salt)));
You may do hash = sha1(sha1($password) . sha1(sha1($username) . sha1($salt)));
Don't over hash, the next code is good enougn.
Code:
sha1( sha1($password) . sha1($salt) )
Al tough I recommend using wa-sta's method since it uses bcrypt which is more secure then sha1.
Keep in mind that bcrypt generates a string of 60 characters, a salt is included so you don't have to worry about it. You can store this in your table under the column password without needing to add an extra salt column, just keep in mind that you put the size to at least 60 or else you might truncate date. It's recommended to use a size of 255 for future expansion (which is mentioned in the PHP documentation).
You can use bcrypt.net (found ) to validate it inside your emulator.
Enjoy, here is some free advice now do something with it.
Al tough I recommend using wa-sta's method since it uses bcrypt which is more secure then sha1.
Keep in mind that bcrypt generates a string of 60 characters, a salt is included so you don't have to worry about it. You can store this in your table under the column password without needing to add an extra salt column, just keep in mind that you put the size to at least 60 or else you might truncate date. It's recommended to use a size of 255 for future expansion (which is mentioned in the PHP documentation).
You can use bcrypt.net (found ) to validate it inside your emulator.
Enjoy, here is some free advice now do something with it.
Not overcrypted though, but creating an own way will sure be more safe than use a generic one, so if your database might be broken, well, if don't use generic way it will be very impossible to descramble the password
Not overcrypted though, but creating an own way will sure be more safe than use a generic one, so if your database might be broken, well, if don't use generic way it will be very impossible to descramble the password
But also kept in mind that this is not a NASA project...who will spend months/years for decrypt a password? (except for the lifeless cyno)
UltimateWar - Private Server - Beta 06/13/2013 - WarRock - 10 Replies We are serach for 4 testers for UltimateWar server.
The testers will get level 50, 90d gold and 30K Cash.
Want ? send me a private massage.