Encryption - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Encryption (/showthread.php?tid=648247)

---

Encryption - Kraeror - 18.01.2018

Hello guys, I'm learning PHP, because I want to create an UCP for my SA-MP server. I'm encrypting my password in PHP with "md5" function, but It is encrypting it only for the PHP, how can I encrypt it in my server, like when I register in the game the password will be "123456789" encrypted to "desahgf54g45ds6g4dg8tdfhg64ds", but PHP can read it?
I hope you understand me, thank you!!!
+1 REP to HELPERS

---

Re: Encryption - vitespirite - 18.01.2018

If you use mysql I advise you to use the MD5 function in your query to insert the table of your account into your database

---

Re: Encryption - Kraeror - 18.01.2018

I'm using MySQL database too. How to use this MD5 in my query can you give me just an example?

---

Re: Encryption - Kraeror - 18.01.2018

My pice of code:
This is the password inserting in the table:
This is for reading the password if it is correct:

---

Re: Encryption - vitespirite - 18.01.2018

---

Re: Encryption - Lucases - 18.01.2018

Use SHA_256 instead

---

Re: Encryption - mschnitzer - 18.01.2018

MD5 is a hashing algorithm and it's not being used for encryption/decryption. I would really suggest to not use MD5 as it's no longer secure. There are many plugins out there that support more hashing algorithms.

I also built one: https://github.com/mschnitzer/hashlib

I recently implemented support for bcrypt but it's currently only supported on linux. So if you've a linux server running, you can use it if you want: https://github.com/mschnitzer/hashli.../tag/1.2.0-RC1

Just ping me here if you need help with the implementation.

---

Re: Encryption - Misiur - 18.01.2018

Salt all your passwords, and choose GPU-unfriendly hash function with a lot of iterations.

---

Re: Encryption - RogueDrifter - 19.01.2018

This ^ i also recommend salt-hash. if you don't know what salting is read this TOPIC and use any hashing system you can use whirlpool wp_hash but make sure you salt on register mix the pw with the salt, save the salt, load the salt on login, you see the steps is you save the password and load it the exact same way you saved it.

---

Re: Encryption - Kraeror - 19.01.2018

Is that supports PHP??
Give me an example, using my code.

---

Re: Encryption - Misiur - 19.01.2018

http://php.net/manual/en/function.hash.php

---

Re: Encryption - Kraeror - 19.01.2018

How to use it in pawno (the same encryption)?
pls update my pawno code using this encryption
Here is the password reading in PHP: (update it too please )
$password =trim(htmlspecialchars($_POST["password"]));

---

Re: Encryption - Sithis - 19.01.2018

Don't use whirlpool. It isn't secure. Use SHA-256 or SHA-512. Make sure to use a unique salt for every player.

---

Re: Encryption - Misiur - 19.01.2018

I'd suggest pbkdf2 but don't know if there are implementations for samp. Source for info about whirlpool being unsecure please.

---

Re: Encryption - RogueDrifter - 19.01.2018

How's whirlpool not secure?

Anyhow @OP: if you're going for whirlpool as i said you'd have to download the whirlpool plugin and plug this on top of your script:
then you salt the password using the tutorial i sent above LINK then you hash it using WP_Hash(outcomestring, sizeof(outcomestring), PasswordString); whereas outcomestring is the string that'll come out hashed and PasswordString is the password you wanna hash AFTER it was salted again i say through the tutorial already sent. For an ex script here's a quick one using the tutorial and whirlpool altogether:
EDIT: i forgot to tell you some notes tho you SHOULD read the tutorial, you need to save the salt for when a player logs in, and you do the same process, you load the salt that was saved from the file, you take the password the player typed, you combine both the password and the salt again, you hash them again, you compare that hashed string with the hash saved in the file if they're the same let him login else = wrong password.

---

- Kraeror - 19.01.2018

RogueDrifter how can I decrypt it in PHP? Like when I register in the server with password: 123asdfg it is encrypting to dsawdsagfds34gh6fd5h4gfs68gtbf1s8g4s6g18s6dfg2s6f8 4s, but when the php read it again, it reads as: 123asdfg
I want to connect my site with my server

Any help ?

---

Re: Encryption - Logic_ - 19.01.2018

There's a huge difference between hash and encryption. And you don't need to un-hash because that's not possible, hash the password player enters and compare it. What's so difficult??

---

Re: Encryption - Kraeror - 19.01.2018

I want my password to be encrypted to MySQL then when I enter it to the site, it is decrypting.
I'm using the same database in the site and the server (Because I'm creating UCP).

---

Re: Encryption - NaS - 19.01.2018

You need to find an algorithm that is available in the exact same way to PHP and PAWN (SHA_256 is available in both, without additional plugins).

But you should never actually decrypt it, neither in PHP nor in PAWN. It's actually not even possible.

What you have to do is (on register) generate a salt, add it to the passwort and hash it, then save the hashed string and the salt seperately to MySQL.

On login, you do the exact same thing with the user input in PHP and PAWN - load the salt and the saved hash from the database, add the salt to the user input and hash it. Then compare the hashed user input with the saved password hash.

---

- Kraeror - 19.01.2018

NaS BRO can you tell me how to do it?
Give me an example using this code:
PAWNO:
PHP:
CAN YOU UPDATE IT WITH THIS ENCRYPTING PLEASE ?

PLEASE HELP ME!!!

---