Understandable password hash
#1

Hey. Last night I was scripting the login and register part of my gamemode and I came across thia idea that could somehow become useful.

Is it possible to create an "understandable password hash"? Well, I'm pretty sure you didn't understand what I meant with that. I'll explain the idea. We have this hashed password:

[H][U][6][6][9][N][A][3]
Each letter represents a number. If the user's password is password, we can then understand this:

Код:
P = H;
A = U;
S = 6;
S = 6;
W = 9;
O = N;
R = A;
D = 3;
My idea was to create a system that allows the scripter to choose whichever symbol/letter/number represents a certain letter of the actual password. It'd be set in a .ini file, where the scripter could set the ensemble to represent a certain letter. Actual password numbers would be inside curly brackets. So If our password was to be "password9", it'd show on the player's scriptfiles file like this:

[H][U][6][6][9][N][A][3](9)
The .ini file I talked about earlier could look like the one found below, allowing easy user costumization:

Код:
// upasshash.ini
//Change to fit your likings.

A = [U];
B = [950];
C = [LK];
D = [OIU83];
This is just an idea I'd like to get going and a possible challenge for those who really know a lot of this programming language. I don't know if it's possible, but it could come handy sometime for the server owner.
Reply
#2

that's not how security works..
Reply
#3

Don't try to invent your own hash. This isn't even a hash in the sense of the word because it is reversible. If you need to reset passwords then let your users pre-hash them, then send them to you. Or even better: implement e-mail password reset.
Reply
#4

Quote:
Originally Posted by Vince
Посмотреть сообщение
Don't try to invent your own hash. This isn't even a hash in the sense of the word because it is reversible. If you need to reset passwords then let your users pre-hash them, then send them to you. Or even better: implement e-mail password reset.
Alright Vince, thanks a lot. I was just intrigued to know If this was possible.
Reply
#5

Tell them to becareful when pre-hashing because some sites actually store the hash and the original password. They'll probably even have a decrypter somewhere. That's why password reset via email is the best way to go.
Reply
#6

That could be done by replacing the characters and by running the string on a loop. A small example:
pawn Код:
new
    string[] = "I'm Lordz!";

for(new i; i< strlen(string); i++)
{
    switch(string[i])
    {
        case 'A' : string[i] = 'i';
        case 'B' : string[i] = 'c';
        case 'C' : string[i] = 'z';
        case 'D' : string[i] = 'Y';
        case 'E' : string[i] = 'L';
        //And so...
        case 'Z' : string[i] = 'x';
        //...
        case 'a' : string[i] = 'G';
        case 'z' : string[i] = 'O';
    }
}
Now salting them would be like:
pawn Код:
for(new i; i< strlen(string); i++)
{
    switch(string[i])
    {
        case 'i' : string[i] = 'A';
        case 'c' : string[i] = 'B';
        case 'z' : string[i] = 'C';
        case 'Y' : string[i] = 'D';
        case 'G' : string[i] = 'a';
    }
}
To ease this, you could create defines and then implement them to create an easier function. And if you're looking for INI readings, I suggest you to load them up and store them on an array.

Though, I stick with what Vince has told. This was just an answer to your question in regarding if it's possible to.
Reply
#7

Yes, I was looking for a demonstration. Thanks a lot to all of you, you helped a lot.
Reply
#8

Good point. As a beginner, I did not really think about that. Once more, thanks for explaining. I'm using this for something else, not for any security reasons. I did not really think about that, ******, very good point there.

If you wish to lock and archive this, go on. The question has been replied!
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)