Login Help
#1

Hello guys, I'm beginner and I have a question about login system.
My login system didn't hash my password. Anyone can help me to solve this problem?
Or teach me how to do it?

Thanks, And GOD BLESS YOU ALL
Reply
#2

Do you actually try to hash you password? Password won't get hashed automatically. If you have to tell your script to Hash the password. I recommend using WhirlPool for hashing.

Check this tutorial: https://sampforum.blast.hk/showthread.php?tid=352703

If you want more tutorials, Check here: https://sampforum.blast.hk/showthread.php?tid=360911
Reply
#3

Why not just using SHA256_PassHash?
Reply
#4

As well as hashing your password with Whirlpool (Great choice and recommendation btw), you should really look at adding a salt to the password before hasing it with Whirlpool.

As far as I know, there are no known decryption methods for Whirlpool, however it is still vulnerable to a brute force attack, as it's just comparing the hash with a bunch of other hash's that do not have a salt attached.

Hope that makes sense. Those tutorials above will help you^
Reply
#5

Quote:
Originally Posted by Stinged
Посмотреть сообщение
Why not just using SHA256_PassHash?
I have a question regarding this PassHash
If i register with a password like this "PaSSworD", Will it work if i login with "password" ?
Also can i do this with the WP_Hash?
Reply
#6

Quote:
Originally Posted by oMa37
Посмотреть сообщение
I have a question regarding this PassHash
If i register with a password like this "PaSSworD", Will it work if i login with "password" ?
Also can i do this with the WP_Hash?
No, hashing is case sensitive (Both WP_Hash and SHA256_PassHash)

Whirlpool was the best option before SA-MP adding SHA256_PassHash in 0.3.7, but now I just don't see a reason why Whirlpool should be used.
They're both secure enough for passwords.
Reply
#7

Quote:
Originally Posted by Stinged
Посмотреть сообщение
No, hashing is case sensitive (Both WP_Hash and SHA256_PassHash)

Whirlpool was the best option before SA-MP adding SHA256_PassHash in 0.3.7, but now I just don't see a reason why Whirlpool should be used.
They're both secure enough for passwords.
Alright, Thanks.
I will start using SHA256_PassHash, To save a password in the register dialog, something like this? :/
PHP код:
SHA256_PassHash(Info[playerid][Password], "78sdjs86d2h"129inputtext); 
Reply
#8

Quote:
Originally Posted by oMa37
Посмотреть сообщение
Alright, Thanks.
I will start using SHA256_PassHash, To save a password in the register dialog, something like this? :/
PHP код:
SHA256_PassHash(Info[playerid][Password], "78sdjs86d2h"129inputtext); 
It should be like this:
Код:
SHA256_PassHash(inputtext, "78sdjs86d2h", Info[playerid][Password], 65);
You should also use a random salt and save it with the player data, it's a lot more secure.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)