Quote:
Originally Posted by Sithis
Don't use whirlpool. It isn't secure. Use SHA-256 or SHA-512. Make sure to use a unique salt for every player.
|
How's whirlpool not secure?
Anyhow @OP: if you're going for whirlpool as i said you'd have to download the whirlpool plugin and plug this on top of your script:
PHP код:
native WP_Hash(buffer[], len, const str[]);
then you salt the password using the tutorial i sent above
LINK then you hash it using
WP_Hash(outcomestring, sizeof(outcomestring), PasswordString); whereas outcomestring is the string that'll come out hashed and PasswordString is the password you wanna hash AFTER it was salted again i say through the tutorial already sent. For an ex script here's a quick one using the tutorial and whirlpool altogether:
PHP код:
new salt[64], password[128], string[128], outcomestring[129]; //declare some variables
randomString(salt, sizeof(salt)); //generate our 'salt'
//combine salt with password
strcat(string, salt); //your salt
strcat(string, password); //your password
WP_Hash(outcomestring, 129, string); //hashing the outcome using whirlpool
//then you save both outcomestring and salt in the player's file.
//the random string generator:
stock randomString(strDest[], strLen = 10)
{
while(strLen--)
strDest[strLen] = random(2) ? (random(26) + (random(2) ? 'a' : 'A')) : (random(10) + '0');
}
EDIT: i forgot to tell you some notes tho you SHOULD read the tutorial, you need to save the salt for when a player logs in, and you do the same process, you load the salt that was saved from the file, you take the password the player typed, you combine both the password and the salt again, you hash them again, you compare that hashed string with the hash saved in the file if they're the same let him login else = wrong password.