PDA

View Full Version : Whirlpool - Hashing Problem


Tee
08/01/2012, 07:17 PM
The problem is the inputtext is one character longer than the password coming from the database.

[20:50:26] input : 74DFC2B27ACFA364DA55F93A5CAEE29CCAD3557247EDA23883 1B3E9BD931B01D77FE994E4F12B9D4CFA92A124461D2065197 D8CF7F33FC88566DA2DB2A4D6EAE
[20:50:26] PlayerData: 74DFC2B27ACFA364DA55F93A5CAEE29CCAD3557247EDA23883 1B3E9BD931B01D77FE994E4F12B9D4CFA92A124461D2065197 D8CF7F33FC88566DA2DB2A4D6EA

Psymetrix
08/01/2012, 07:50 PM
Is the string that your using to store the hashed password big enough? It should be 129. All I can think of sorry.

TheArcher
08/01/2012, 07:53 PM
I dont know what you mean. As i understand you try to paste the password in game from the database? If so they don't match.

Wesley221
08/01/2012, 08:08 PM
I had the same problem, couldnt find any way to fix this.

When you compare the passwords, just change the size you want to compare:

if( !strcmp( playerdata, inputtext, false, 127 )
Like that it'll cut the last character away

Tee
08/01/2012, 08:27 PM
Thanks, I was thinking of strdel but that didn't work. Thanks, this works. But I'm wondering if it has something to do with StrikenKid's MySQL plugin because I don't get the problem when I use Blue-G's plugin.
By the way, whose plugin are you using?

Vince
08/01/2012, 09:04 PM
Just a note from my side. Why do people use Whirlpool when there are so many hashing functions natively available in MySQL? Yes, I know that people complain that MD5 and SHA1 have certain flaws in it, but it should suffice for what you're doing.

If you do really care about someone hacking into your database, you can add a unique salt to the password. For example, something like this would be uncrackable, or it would take a very long time to crack it.

sha1(concat(sha1('mypassword'), sha1('&$?')))

Where '&$?' is replaced with a unique random salt for each player.

Steven82
08/01/2012, 09:08 PM
Just a note from my side. Why do people use Whirlpool when there are so many hashing functions natively available in MySQL? Yes, I know that people complain that MD5 and SHA1 have certain flaws in it, but it should suffice for what you're doing.

If you do really care about someone hacking into your database, you can add a unique salt to the password. For example, something like this would be uncrackable, or it would take a very long time to crack it.

sha1(concat(sha1('mypassword'), sha1('&$?')))

Where '&$?' is replaced with a unique random salt for each player.

Quick question, i don't know much about MySQL or SQLite. But is there a native hashing feature for SQLite? Since i am currently scripting a client's gamemode with an SQLite saving system and i wanted to know before i use Whirlpool or similar hashing techniques. And if there is a native way, can you please give me an example.