[faff]

I'm using one-way encryption for player passwords but now I need two-way encryption for admin password/pin since people must be able to check their admin password and edit it (wich gets generated randomly) IG.

Thank you.

[SickAttack]

Hashes aren't encryption, they're one way only. Encryption can be reversed.

Just add a new field in your database, create a hash, save and load it how you would do normally, and make admins log into to their accounts then into their admin accounts for admin permissions.

[Freaksken]

Do not use two-way encryption, ever. You shouldn't be able to decrypt an encrypted string!

If you have a system that randomly generates a password, force them to make a new one the first time they want to log in. This newly created password should then override the randomly generated one.

[Vince]

Quote:

Originally Posted by Freaksken Do not use two-way encryption, ever.

It can be useful in certain situations. You may want to encrypt the e-mail addresses, for example. If you store the key in the gamemode and the database gets compromised then the attacker will only see the encrypted values. Obviously you can't hash them because you need to know what they are. Anything to do with passwords, however, should always be hashed.