SA-MP Forums

Go Back   SA-MP Forums > SA-MP Scripting and Plugins > Scripting Help > Tutorials

Reply
 
Thread Tools Display Modes
Old 21/04/2018, 01:33 PM   #31
ranme15
Big Clucker
 
ranme15's Avatar
 
Join Date: Aug 2010
Posts: 179
Reputation: 3
Default Re: Using new SHA-256 function

Quote:
Originally Posted by Phreak View Post
But of someone gets the database wouldn't that mean they also get the salts which would make random salts useless?

Edit: At least in this case, where you store the salt in the same database.
No. Unless you are guessing the player's pass
__________________
INACTIVE
ranme15 is offline   Reply With Quote
Old 21/04/2018, 04:47 PM   #32
JesterlJoker
Huge Clucker
 
Join Date: Apr 2015
Location: Cagayan de Oro, Philippines
Posts: 263
Reputation: 27
Default Re: Using new SHA-256 function

Quote:
Originally Posted by Phreak View Post
But of someone gets the database wouldn't that mean they also get the salts which would make random salts useless?

Edit: At least in this case, where you store the salt in the same database.
You have a salt and the hashed password. You will still need to brutally attack the password to crack it open. You'll still need to have the persons password which is a million possibility.
__________________
My Projects:

JesterlJoker is offline   Reply With Quote
Old 22/04/2018, 08:46 PM   #33
AmigaBlizzard
Huge Clucker
 
Join Date: Jul 2012
Posts: 320
Reputation: 60
Default Re: Using new SHA-256 function

If they have access to your database or user files, in which the hashed password and salt is located, why do they need the password for then?
In that same database, it holds your money, score, kills, ...
They could easily delete all player's money, score, ...
Or they could set their money value to 2 billion.
Or set their admin-level to maximum to have admin privileges upon logging in with their own account.
Or wipe your entire database.
Hashing passwords doesn't make it safe if they have access to your entire database.

Why would they run a script for days/weeks/months to crack a password when all other data is exposed at the same time?
AmigaBlizzard is offline   Reply With Quote
Old 23/04/2018, 11:00 AM   #34
JesterlJoker
Huge Clucker
 
Join Date: Apr 2015
Location: Cagayan de Oro, Philippines
Posts: 263
Reputation: 27
Default Re: Using new SHA-256 function

That's the thing you must learn how hackers think. It's not that they want to do something harmful, its the thrill of the challenge that they'd want to feel...

Those people who would just change stats are not hackers at all, they are just cheaters, but hackers, oh I know how it feels...

To be honest the first thing you should secure the webserver though. No matter how hard shell is your functionality when your database is easy to pick on. Now a days dedicated web servers have a high rate defense than their added functionalities such as PHP and MySQL, which is why hackers would mostly hack a single account and strike slow from there rather than trying to bypass the system through the web server. Which is nearly impossible.

It is plain and stupid to trust anyone to use your web server even if you consider them friend.
__________________
My Projects:

JesterlJoker is offline   Reply With Quote
Old 23/04/2018, 04:11 PM   #35
iKarim
Gangsta
 
iKarim's Avatar
 
Join Date: Oct 2015
Posts: 584
Reputation: 135
Default Re: Using new SHA-256 function

Quote:
Originally Posted by AmigaBlizzard View Post
Why would they run a script for days/weeks/months to crack a password when all other data is exposed at the same time?
Most people use a single password for everything, databases most likely contains users emails and passwords, if you don't hash your passwords, they could easily access the email accounts and start from there.

Saving passwords in plain text or similar methods is ABSOLUTELY terrible, thus you hash your users passwords. In the case of a breach, the harm won't be as much.
__________________
Quote:
Originally Posted by Maximun View Post
Did he requested you some 'Kilobytes' in order to post this thread?
iKarim is offline   Reply With Quote
Old 11/09/2018, 11:08 PM   #36
AmirSavand
Big Clucker
 
AmirSavand's Avatar
 
Join Date: Sep 2018
Location: Behind Schedule
Posts: 51
Reputation: 1
Default Re: Using new SHA-256 function

What about using the MySQL function PASSWORD()? or SHA('password', 256) if I'm not mistaken?
__________________

GitHub - Website - Contact

C# - Python - PHP - Angular
Unity 3D - Django - Electron

AmirSavand is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Error 055: start of function body without function header Magnezia Scripting Help 3 19/05/2015 05:11 AM
[Ajuda] error 055: start of function body without function header AndersonAq PortuguÍs/Portuguese 3 14/03/2014 12:31 AM
Returning inside a switch case, does it go back to the scope of the function, or does it return for the function? Hoborific Scripting Help 4 26/06/2013 12:47 PM


All times are GMT. The time now is 10:05 PM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.