Password hashing - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Password hashing (/showthread.php?tid=655031)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Password hashing (/showthread.php?tid=655031)
Password hashing - Mike861 - 11.06.2018
Besides my issue, i got a few questions aswell.
Im looking for a better password hasher and the way to show the real password to player upon registering so he can write it down or see his password just in case.I god udb_hash by DracoBlue which is a bit outdated i'd say.
Can i show the players real password upon registering like this?
Код:
new pass = PlayerInfo[playerid][pPassword]; format(string,sizeof(string),"Your account has been successfully created.Password(%d)",pass); \\When they register it shows random numbers and sometimes only "0". SendClientMessage(playerid,COLOR_YELLOW,string);
Re: Password hashing - xMoBi - 11.06.2018
No!!!
Do not show them password in plain text in message! Use dialog! because messages are logged.
You can do it like:
PHP код:
RegisterDialog()
{
new wp_pass[129];
WP_Hash(inputtext, wp_pass, sizeof wp_pass);
format(string, sizeof string, "Your account has been successfully created. Password is: %s.", inputtext);
ShowPlayerDialog(playerid, 0, ...);
}
Re: Password hashing - Robin96 - 11.06.2018
It shows a number because the reference you use (%d) represents an integer (number) rather than a string(text). You should use the %s reference.
Fixed code:
PHP код:
new pass = PlayerInfo[playerid][pPassword];
format(string,sizeof(string),"Your account has been successfully created.Password(%s)",pass); \\When they register it shows random numbers and sometimes only "0".
SendClientMessage(playerid,COLOR_YELLOW,string);
Re: Password hashing - Sew_Sumi - 11.06.2018
Quote:
|
Originally Posted by Robin96
 And what do you mean by 'real password'?
|
Re: Password hashing - Mike861 - 12.06.2018
Quote:
|
Originally Posted by Robin96
It shows a number because the reference you use (%d) represents an integer (number) rather than a string(text). You should use the %s reference.
Fixed code: PHP код:
|
Re: Password hashing - Robin96 - 12.06.2018
Quote:
|
Originally Posted by Mike861
Now the brackets where the password is meant to be are blank.Not even numbers.
|
Change the code to:
PHP код:
new pass = PlayerInfo[playerid][pPassword];
printf("pass = %s, enum pPassword = %s", pass, PlayerInfo[playerid][pPassword]);
format(string,sizeof(string),"Your account has been successfully created.Password(%s)",pass); \\When they register it shows random numbers and sometimes only "0".
SendClientMessage(playerid,COLOR_YELLOW,string);
Re: Password hashing - Dayrion - 12.06.2018
Quote:
|
Originally Posted by Robin96
debugging time
Change the code to: PHP код:
|
Re: Password hashing - Logic_ - 12.06.2018
Quote:
|
Originally Posted by xMoBi
PHP код:
|
Re: Password hashing - Logic_ - 12.06.2018
Quote:
|
Originally Posted by ******
DO NOT show the player their password. There's a reason password input boxes only show stars.
DO NOT use SHA256. Yes, it is included with the server, but it is not a good hash. DO NOT use whirlpool. Yes, I released the plugin, but there are better options. Whirlpool and SHA256 are bad for the same reason - they are not a complete solution. Use BCrypt. Don't ever put a password in plaintext, either in a database or on a user's screen. Use BCrypt. BCrypt |
I personally don't have a straight opinion that either you should or shouldn't show the password - But I've never done it ever.
I don't see how SHA256 or Whirlpool can be bad - They do what you'll ever need them for, the only flaw in Whirlpool plugin that I see is for salt, and another flaw I see in SHA256 is that it's adding the salt after the (user's) password - which, if you use a constant one, can be a big problem. Unless if you make a per-user salt, I don't see a problem.
I'd love to know more.
Re: Password hashing - Ada32 - 12.06.2018
Quote:
|
Originally Posted by Logic_
Some servers show player their password in the chat box which is logged in your GTA folder - which is my I think it's better to show them in a dialog since they are not logged.
|
Quote:
|
Originally Posted by Logic_
I personally don't have a straight opinion that either you should or shouldn't show the password - But I've never done it ever.
|
Quote:
|
Originally Posted by Logic_
I don't see how SHA256 or Whirlpool can be bad - They do what you'll ever need them for, the only flaw in Whirlpool plugin that I see is for salt, and another flaw I see in SHA256 is that it's adding the salt after the (user's) password - which, if you use a constant one, can be a big problem. Unless if you make a per-user salt, I don't see a problem.
|
Quote:
|
Originally Posted by Logic_
I'd love to know more.
|