[Nahin]

Hi.
I've been using a GM for sometime now(got from a friend) and have opened up a little server with it with around 4-5 players. Yesterday, a player told me that he forgot his pass. I thought about checking into the .dudb file and found that the password was in some kind of hash. How do I find it out? It probably use the MD5 include idk.
Thanks for helping.

[Macronix]

Well, the purpose of hashing a password is that you don't get to know it afterwards... just create a new password for your friend (like for example on this site: http://www.md5-creator.com/) and replace the current one in your friends data file

[Abagail]

As Macronix said you can use md5-creator.com. How-ever, maybe you should make a [/changpassword] command for your script. It'll be a lot easier for you.

[Nahin]

Well, in the creator I get a lot of complex passwords including letters and numbers. My hashes consist of only numbers. I'm not sure if it uses the MD5 include. Can anyone help?

[Matess]

Just create an account with password he wants and paste it in his account.

[Nahin]

BUMPing this.

[gtakillerIV]

Like others have stated, there's no way to retrive that password unless you use a program/website to do this. Which ruins the purpose of hashing. I hope you know why we hash sensitive data.

Just change the password and then tell him to use a command like /changepass(if you have one).

[iGetty]

Quote:

Originally Posted by gtakillerIV Like others have stated, there's no way to retrive that password unless you use a program/website to do this. Which ruins the purpose of hashing. I hope you know why we hash sensitive data. Just change the password and then tell him to use a command like /changepass(if you have one).

If you don't have the "/changepass" command, then please post here variables and other things in regards to player files, so then we can assist you in creating one.

Simple fact of hashing is to stop people getting passwords and such, look what happened to PSN (PlayStation Network), when they got hacked.. Millions of passwords were found out, just because they wasn't hashed. That's bad security for your server and I know for a fact, that if I saw a post off somebody who was developing a server I was playing on was attempting to reverse-hash a password, I'd never play on there again, along with making sure that they get reported and listed for foul-play.

I'm not accusing you of this, but it's just a bit suspicious. If you create a command for just you in your script which is "/changeuserpass" so you can change a players password in future incase of them forgetting it, then you tell them to login and "/changepass" to their own specific one, you'd never have this issue arise.

[Vince]

It's probably udb_hash, which is a fancy name for Adler32. This is a checksum algorithm rather than a hashing algorithm. It's incredibly insecure and can be cracked in seconds.