wow, that's pretty good. i never thought about doing that. i'll be looking forward to this as soon as you get it finished
| Mirage Source http://web.miragesource.net/forums/ |
|
| Encrypt passwords, shrink accounts. http://web.miragesource.net/forums/viewtopic.php?f=210&t=388 |
Page 1 of 1 |
| Author: | Lea [ Wed Aug 16, 2006 10:58 pm ] |
| Post subject: | Encrypt passwords, shrink accounts. |
Hi folks. I'm going to tell you how to encrypt your passwords with MD5, so they arent snatchable from your server-side accounts, nor from your packets. The MD5 checksum is only 16 bytes long, so you will be able to shrink the size of Account.Password by 4 bytes! Yay! First download the "MD5 Digest" code, and add the class to client: http://www.frez.co.uk/freecode.htm No go to modTypes both server side and client side and change Code: Password as String * NAME_LENGTH to Code: Password as String * 16 'Length of our MD5 checksum Now, client side, find SendNewAccount, SendDelAccound, and SendLogin. Code: Change Trim$(Password) to MD5.MD5(Password) At the begining of each sub, add Code: Dim md5 As CMD5 Set md5 = New CMD5 and at the end of each sub, add Code: Set md5 = Nothing
And that's all there is to it! Keep in mind that you will not be able to recover users passwords, and you might want to make a simple utility to reset someone's password, or add that functionality server side. ~Dave |
|
| Author: | Lea [ Thu Aug 17, 2006 12:04 am ] |
| Post subject: | |
Realized something, and am working on it. Minutes please. |
|
| Author: | Lea [ Thu Aug 17, 2006 1:01 am ] |
| Post subject: | |
Right now, it is saving the Hex checksum as a string, the string is 32 characters long (two hex digits per byte) this tutorial will still work, but it is only using the first half of the checksum. I will post an update when I get it to save the entire checksum as a byte array! |
|
| Author: | Obsidian [ Thu Aug 17, 2006 7:41 am ] |
| Post subject: | |
wow, that's pretty good. i never thought about doing that. i'll be looking forward to this as soon as you get it finished
|
|
| Author: | Classified [ Thu Aug 17, 2006 6:56 pm ] |
| Post subject: | |
Hashing is the best thing to do when passwords are involved.. especially if they are on a mySQL database. |
|
| Page 1 of 1 | All times are UTC |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|