Re: Secure Login [Re: Ch40zzC0d3r] #441886
06/05/14 12:14
WretchedSid | Expert | Joined: Apr 2007 | Posts: 3,751 | Canada
You don't need to crack it, it essentially became your password. You just need to send it to the server.
By the way, any operation performed on the client can be traced. And let me stress that again, a salt is not a super secret thing no one is allowed to know. It's not there to make a single hash harder to crack, it's there to make it harder to crack all other hashes.
Edit: Also, you apply the salt to the password and then hash it. Hash once, don't use double hashes or anything weird. That's just detrimental to security.
Last edited by JustSid; 06/05/14 14:08.
Shitlord by trade and passion. Graphics programmer at Laminar Research. I write blog posts at feresignum.com

Re: Secure Login [Re: alibaba] #441895
06/05/14 14:58
Ch40zzC0d3r | Serious User | Joined: Oct 2011 | Posts: 1,082 | Germany
Haha fuck you're right O: You can simply send it now to the server .. I didn't think of this :DD I should change my login now. :|
Last edited by Ch40zzC0d3r; 06/05/14 14:59.

Re: Secure Login [Re: Ch40zzC0d3r] #441899
06/05/14 17:06
WretchedSid | Expert | Joined: Apr 2007 | Posts: 3,751 | Canada
> I didn't think of this :DD
And that's the problem with everything cryptography: It's hard to think outside of the box, and only making it secure against attacks oneself can think of is not going to actually make it secure. That's why security through obscurity doesn't work and the advice is always to use a peer reviewed, battle tested public implementation and algorithm. If enough eyes look at it, chances are high it won't blow up immediately. Or put differently: Let others look at your implementation and let them try to break it.

Re: Secure Login [Re: alibaba] #442180
06/14/14 10:17
WretchedSid | Expert | Joined: Apr 2007 | Posts: 3,751 | Canada
What would you like to achieve with a captcha? Keeping bots from signing up? If so, what would the problem of that be? Keep in mind that the bots have to be taught your custom protocol, so someone needs to have an incentive to write such a bot.

If you want to protect yourself against flooding, you should introduce rate limiting into your API endpoints, and define sensible limits (e.g. a peer may only request the server list 5 times per minute). That's not a (D)DoS protection, but it can help you avoid heavy computations on the database.

Rate limiting you can do on something like redis, or some other in-memory store. Doesn't need to be persistent, if the data is lost all rates are reset, but who cares. The advantage is that you don't need to do the full roundtrip to the full-blown database backend which has to drop down to the disk to ensure integrity.

Last but not least, here is a presentation about Cryptography called Everything you need to know about cryptography in 1 hour. Keep in mind though that cryptography isn't the same as security.

Edit: Here is the video to the slides: http://blip.tv/fosslc/everything-you-need-to-know-about-cryptography-in-1-hour-3646795
Last edited by JustSid; 06/14/14 10:21.
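
The rate limiting described in the post above, as an added example that is not code from the thread: a fixed-window limiter using the post's figure of 5 server-list requests per minute per peer. The in-process store is a stand-in for Redis-style INCR/EXPIRE counters; the class names, key format and sample peer address are assumptions.

```python
import time


class MemoryCounterStore:
    """In-process stand-in for an in-memory store such as Redis (INCR + EXPIRE semantics)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._data = {}  # key -> (count, expires_at)

    def incr_with_ttl(self, key, ttl):
        """Increment key; the first hit of a window sets its expiry. Returns (count, seconds_left)."""
        now = self._clock()
        count, expires_at = self._data.get(key, (0, 0.0))
        if now >= expires_at:  # window over, or key never seen: start a fresh window
            count, expires_at = 0, now + ttl
        count += 1
        self._data[key] = (count, expires_at)
        return count, expires_at - now

    def purge_expired(self):
        """Drop dead windows so keys of peers that went away do not pile up in memory."""
        now = self._clock()
        self._data = {k: v for k, v in self._data.items() if v[1] > now}


class RateLimiter:
    def __init__(self, store, limit=5, window=60):
        self.store, self.limit, self.window = store, limit, window

    def check(self, peer, endpoint):
        """Return (allowed, retry_after_seconds) for one request from peer to endpoint."""
        count, left = self.store.incr_with_ttl(f"rl:{endpoint}:{peer}", self.window)
        if count > self.limit:
            return False, left  # reject before any database work is done
        return True, 0.0


def simulate(request_times, peer="203.0.113.7", endpoint="server_list"):
    """Replay constructed request timestamps (in seconds) from one peer through the limiter."""
    t = [0.0]
    limiter = RateLimiter(MemoryCounterStore(clock=lambda: t[0]))
    results = []
    for ts in request_times:
        t[0] = ts
        results.append(limiter.check(peer, endpoint)[0])
    return results
```

A fixed window lets a peer send up to twice the limit across a window boundary, which is acceptable for shielding the database but not a precise quota. Losing the store only resets the counters, as the post notes.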

Re: Secure Login [Re: alibaba] #442595
06/26/14 08:15
WretchedSid | Expert | Joined: Apr 2007 | Posts: 3,751 | Canada
> I've now implemented everything you told me. Now my Login script should be safe enough for a multiplayer game, isn't it?
Impossible to tell without reviewing the code.

Re: Secure Login [Re: WretchedSid] #442603
06/26/14 13:15
alibaba | OP | Expert | Joined: May 2008 | Posts: 2,113 | NRW/Germany
> > I've now implemented everything you told me. Now my Login script should be safe enough for a multiplayer game, isn't it?
> Impossible to tell without reviewing the code.
Would you do it if I share the code with you?