[gold]

Hello, I want to know how i can deycrpt a num_hash for a user.
in the command /getpass
And the user files location is RRP/Users
I need it like this :

pawn Код:

if(strcmp(cmd, "/getpass", true) == 0)
{
        if(IsPlayerConnected(playerid))
        {
                if(PlayerInfo[playerid][pAdmin] >= 20 && IsPlayerAdmin(playerid))
                {
                        //Here the code
                }
        }
        return 1;
}

Thanks who can help me with this, i need it for if somone losses his password.

And encrypt

pawn Код:

if(strcmp(cmd, "/getdpass", true) == 0)
{
        if(IsPlayerConnected(playerid))
        {
                if(PlayerInfo[playerid][pAdmin] >= 20 && IsPlayerAdmin(playerid))
                {
                        //Here the code
                }
        }
        return 1;
}

To set someone a new password, so i can know the hash

[RyDeR`]

Which hash do you want? Not every encryption is possible to decrypt.

[gold]

What hush there are ? can you tell me, and i will tell you the excat. beacuse its not in my GM in a stock, its in an include. example for a hash : 68419882

[RyDeR`]

Show me the include.

[Vince]

If a player loses his password, you should just reset it to something random and give the random password to the player. He can then use it in a command like /changepass or something so he can change it to a password he likes. That's the whole point of using hashes. No-one is ever supposed to see plain text passwords of players, not even the owners. I consider this a serious breach of privacy.

[gold]

pawn Код:

#include <a_samp>
#include <core>
#include <float>
#include <time>
#include <file>
#include <utils>
#include <morphinc>
#include <streamer>
#include <Dini>
#include <dutils>
#include <audio>
#include <YSI/y_ini>

[JaTochNietDan]

The whole point of a hash is not to be able to de-hash it, it's one way. There is a huge difference between encryption and hashing. Encryptions are meant to be decrypted with a specific key and hashes are not supposed to be possible to de-hash, otherwise what would be the point of hashing players passwords? That would be like storing them in plain text if you could reverse engineer a hashing algorithim so easily.

I can tell by your hash that it's probably udb_hash, which is based on an old hashing system that isn't very secure at all, you should move on to a system like MD5, Whirlpool or SHA1 with salts.

Also like a poster above me said, if the server is able to tell players what their password is, then that is very worrying for them, because it means their password is not secured properly.

[gold]

Quote:

Originally Posted by JaTochNietDan The whole point of a hash is not to be able to de-hash it, it's one way. There is a huge difference between encryption and hashing. Encryptions are meant to be decrypted with a specific key and hashes are not supposed to be possible to de-hash, otherwise what would be the point of hashing players passwords? That would be like storing them in plain text if you could reverse engineer a hashing algorithim so easily. I can tell by your hash that it's probably udb_hash, which is based on an old hashing system that isn't very secure at all, you should move on to a system like MD5, Whirlpool or SHA1 with salts. Also like a poster above me said, if the server is able to tell players what their password is, then that is very worrying for them, because it means their password is not secured properly.

Oh, so i won't need the un hash at all, i want to secure the server, how to make it an MD5 ?
can you tell me please how to make a stock and all..
thanks !

[AndreT]

Creating collisions in MD5 hasn't been much of a job for a few years now. That's why using it or at least implementing it to new projects is discouraged. It is better to be safe than sorry, so use the Whirlpool hash plugin by ******. No vulnerabilities found in that method yet.