18.08.2016, 21:36
Good point on the fact that you should salt your passwords, to prevent someone from using a rainbow table to crack most passwords in your database at once.
The bad thing about using SHA-256, though, is that it can be run 1400 million times per second on a consumer-grade GPU, cracking a 6-character-long password (containing a-z, A-Z, 0-9 and a LOT of different symbols) in under 8 minutes. If one of your admins is dumb as fuck and has some scuffed password, it'll get brute-forced, and you're going to (probably) have a bad time, unless the breach is detected. I'd rather be safe than sorry.
Please check out bcrypt, which even comes with a built-in salting function. Implementation for SA-MP here.
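The cost argument in the post above, as an added example that is not part of the original post and is not the SA-MP bcrypt plugin's code: it measures how fast this machine can test guesses against a salted SHA-256 hash versus a work-factor hash, and converts each rate into the time needed to exhaust a 6-character keyspace. Assumptions: PBKDF2-HMAC-SHA256 from Python's standard library stands in for bcrypt, and the 94-symbol alphabet and the 100,000 iteration count are chosen for illustration.

```python
import hashlib
import hmac
import os
import time

# Assumption: 6 characters drawn from a-z, A-Z, 0-9 and 32 ASCII symbols.
KEYSPACE = 94 ** 6

def hash_fast(password: bytes, salt: bytes) -> bytes:
    # Salted single-pass SHA-256: the salt defeats rainbow tables,
    # but each guess still costs only one cheap hash.
    return hashlib.sha256(salt + password).digest()

def hash_slow(password: bytes, salt: bytes, iterations: int = 100_000) -> bytes:
    # Work-factor KDF. PBKDF2 is a stdlib stand-in for bcrypt here;
    # the iteration count is an assumed tuning value.
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)

def verify(password: bytes, salt: bytes, stored: bytes, fn) -> bool:
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(fn(password, salt), stored)

def guesses_per_second(fn, salt: bytes, min_seconds: float = 0.2) -> float:
    # Measure how many candidate passwords this machine can hash per second.
    count = 0
    start = time.perf_counter()
    while True:
        fn(b"guess%d" % count, salt)
        count += 1
        elapsed = time.perf_counter() - start
        if elapsed >= min_seconds:
            return count / elapsed

def seconds_to_exhaust(rate: float) -> float:
    # Worst-case time to try every password in KEYSPACE at `rate` guesses/s.
    return KEYSPACE / rate

def compare() -> dict:
    salt = os.urandom(16)  # per-user random salt
    return {name: seconds_to_exhaust(guesses_per_second(fn, salt))
            for name, fn in (("sha256", hash_fast), ("pbkdf2", hash_slow))}

if __name__ == "__main__":
    for name, secs in compare().items():
        print(f"{name}: {secs / 3600:.1f} hours to exhaust the keyspace on this CPU")
```

The absolute numbers depend on the hardware, but the ratio between the two rows is the work factor the defender controls.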