Zeggy Posted December 29, 2009
> I'm sorry for my last post, it was a stupid post. I simply wanted to argue the fact that 150 char SALT random per user is not needed when it could be just as secure with SET 50 char SALT in the file. (obviously 150 random per user would be statistically more secure - but not needed)
You know what, this is something I agree with. Yes, it is not needed if you really don't want it and you think your site is secure enough. I listed using a different salt per user as just one of a number of ways to make password storing safer. Like I said in a much earlier post from this thread, there are so many ways of storing passwords in a safer way. You could very well be using a 10 character salt and be just fine with it.
But there is so little to stop you from using a random salt with each user. Time spent generating the hash is negligible, and disk space usage is too, until you get huge amounts of players in which case you can certainly afford more disk space.
In the end, how far you want to go with this issue depends on how willing you are to provide the best and beyond for your players. If player passwords are easily cracked, then it is your players that suffer in the first place. Of course, if your game admin control panel is using the same security techniques then your game will suffer too, in a much more direct way :P

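The difference between the two schemes argued over above, as an added example that is not code from the thread: the function names, the 16-byte salt length, the salt-then-password order and the sample accounts are all assumptions, with sha512 used because it is the hash the posters mention.

```php
<?php
// Added illustration; names, salt length and sample data are assumptions.

const SITE_SALT = 'constructed-fixed-salt-stored-in-a-config-file';

// Scheme A: one salt for every account, kept in a file.
function hash_fixed_salt(string $password): string
{
    return hash('sha512', SITE_SALT . $password);
}

// Scheme B: a fresh random salt per account, stored beside the hash.
function hash_per_user_salt(string $password): array
{
    $salt = bin2hex(random_bytes(16)); // 32 hex characters from the CSPRNG
    return ['salt' => $salt, 'hash' => hash('sha512', $salt . $password)];
}

// Login check for scheme B: re-hash with the stored salt, compare in constant time.
function verify_per_user_salt(string $password, array $row): bool
{
    return hash_equals($row['hash'], hash('sha512', $row['salt'] . $password));
}

// Constructed sample: two players who happen to pick the same password.
$players = ['alice' => 'dragon123', 'bob' => 'dragon123'];

$fixed   = array_map('hash_fixed_salt', $players);
$perUser = array_map('hash_per_user_salt', $players);

// Fixed salt: identical passwords give identical stored values, so one
// recovered password covers every account that shares it.
echo 'fixed salt, same stored hash:    ';
var_dump($fixed['alice'] === $fixed['bob']);

// Per-user salt: the stored values differ, so each row is a separate job.
echo 'per-user salt, same stored hash: ';
var_dump($perUser['alice']['hash'] === $perUser['bob']['hash']);

echo 'correct password verifies:       ';
var_dump(verify_per_user_salt('dragon123', $perUser['bob']));
echo 'wrong password verifies:         ';
var_dump(verify_per_user_salt('dragon124', $perUser['bob']));
```

PHP 5.5 and later also provide password_hash() and password_verify(), which generate a random salt for each password and store it inside the returned string.
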
Zero-Affect Posted December 29, 2009
> In the end, how far you want to go with this issue depends on how willing you are to provide the best and beyond for your players. If player passwords are easily cracked, then it is your players that suffer in the first place. Of course, if your game admin control panel is using the same security techniques then your game will suffer too, in a much more direct way
Yeah, my admin panel works on another concept, and at the moment most MC games run no admin panel security and just plain PASS to MD5, so I can see where that is a lot different than what I use, which is sha512 with ** char SALT (I won't give the exact amount of chars). I do though use my ideal: rather than different SALTs per user I use a single one, like I believe SMF forum used at one point and still do.
So we agree to disagree?

Agon Posted December 30, 2009
LOLZ. You two flirt so much, you should just go out on a date already. Bwahahahazorz!

Joshua (Author) Posted December 30, 2009
Popcorn anyone? This WAS a freebie addition thread :P it's been hijacked >,<

Zero-Affect Posted December 30, 2009
> Popcorn anyone? This WAS a freebie addition thread :P it's been hijacked >,<
Yeah, sorry about that mate.

Zero-Affect Posted December 30, 2009
Wanna share :( I'm hungry. Zeggy beat me and left me here to reflect.

Joshua (Author) Posted December 30, 2009
Sure, soon as I can get it back from the wife >< grr damn marriages, they eat all the food, spend all the money, and when it comes to "sexors" they have a headache! lol.

Mcfarlin Posted December 30, 2009
> Replace the password bit with $salted_hash you may need to add { } around it {$salted_hash}
This does not work, bro. But if I try to use just $userpass=$userpass it works, but I'm not so sure about how. lol

Joshua (Author) Posted December 31, 2009
You can try it a few diff ways, it varies on the game set up and server:
    userpass=$salted_hash
    userpass={$salted_hash}
    `userpass` = '{$salted_hash}'
I had to do the last one on my staff change password for users bit.

rulerofzu Posted December 31, 2009
> > Replace the password bit with $salted_hash you may need to add { } around it {$salted_hash}
> This does not work, bro. But if I try to use just $userpass=$userpass it works, but I'm not so sure about how. lol
It does work, you're just not doing it right!

Mcfarlin Posted December 31, 2009
It's this crappy server, come to find out.

Zero-Affect Posted December 31, 2009
> userpass=$salted_hash
> userpass={$salted_hash}
FAIL much... lol, it's text, you need to quote it (the 3rd would work)

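The three forms from the posts above, run against a throwaway database, as an added example that is not code from the thread: SQLite in memory stands in for the game's MySQL server, and the users table, the userid column, the try_update() helper and the sample salt and password are assumptions. It also shows a bound parameter, which goes beyond the forms posted.

```php
<?php
// Added illustration: SQLite in memory stands in for the game's MySQL database;
// the users table and the try_update() helper are assumptions.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, userpass TEXT)');
$db->exec("INSERT INTO users (userid, userpass) VALUES (1, 'old')");

// Constructed value: 128 hex characters, like any sha512 output.
$salted_hash = hash('sha512', 'constructed-salt' . 'constructed-password');

// Run one UPDATE built by string interpolation and report what the database did.
function try_update(PDO $db, string $sql): string
{
    try {
        $db->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// PHP expands $salted_hash and {$salted_hash} to the same text, so the first
// two statements are identical SQL: a bare run of hex digits with no quotes,
// which the database cannot read as a string value.
$variants = [
    "UPDATE users SET userpass=$salted_hash WHERE userid=1",
    "UPDATE users SET userpass={$salted_hash} WHERE userid=1",
    "UPDATE users SET `userpass` = '{$salted_hash}' WHERE userid=1",
];
foreach ($variants as $n => $sql) {
    echo 'variant ', $n + 1, ': ', try_update($db, $sql), PHP_EOL;
}

// Bound parameter: the driver passes the value as data, so correct quoting
// never depends on how the query string was assembled.
$stmt = $db->prepare('UPDATE users SET userpass = :hash WHERE userid = :id');
$stmt->execute([':hash' => $salted_hash, ':id' => 1]);

$stored = $db->query('SELECT userpass FROM users WHERE userid = 1')->fetchColumn();
echo 'stored value matches: ', var_export($stored === $salted_hash, true), PHP_EOL;
```
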
Joshua (Author) Posted December 31, 2009
Again Zero, it depends on how the query looks. As it didn't want to quote in my preferences, kept bugging. Then changed to the first and it worked. Reg/Auth however I had to quote it. Beats me ><

Zero-Affect Posted December 31, 2009
Interesting, what were the queries? Examples obviously lol, I'm not asking for your SALT

Joshua (Author) Posted December 31, 2009
I'll look em up and post em when I'm not sleepy >,<

Guest Null Posted January 2, 2010
I saw Sha2 the other day. Is there a difference?

rulerofzu Posted January 2, 2010
Different hash engines. Usually numbered by level of encryption strength
md2 md4 md5 sha1 sha224 sha256 sha384 sha512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru snefru256 gost adler32 crc32 crc32b salsa10 salsa20 haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5

Zero-Affect Posted January 2, 2010
I heard whirlpool is a very good one.

Guest Null Posted January 2, 2010
What's the best one that is compatible with php and mysql?

rulerofzu Posted January 2, 2010
The current strongest encryption algorithms are SHA-512, RIPEMD-320, and Whirlpool. With whirlpool being the youngest of the group it's expected to be a strong contender in the future due to its continued work.
They are all compatible with php/mysql. See http://uk.php.net/manual/en/function.hash.php