PDA

View Full Version : Login Help


Filbert
07/07/2016, 02:36 PM
Hello guys, I'm beginner and I have a question about login system.
My login system didn't hash my password. Anyone can help me to solve this problem?
Or teach me how to do it?

Thanks, And GOD BLESS YOU ALL :D

DarkSkull
07/07/2016, 03:12 PM
Do you actually try to hash you password? Password won't get hashed automatically. If you have to tell your script to Hash the password. I recommend using WhirlPool for hashing.

Check this tutorial: http://forum.sa-mp.com/showthread.php?t=352703

If you want more tutorials, Check here: http://forum.sa-mp.com/showthread.php?t=360911

Stinged
07/07/2016, 03:58 PM
Why not just using SHA256_PassHash (https://wiki.sa-mp.com/wiki/SHA256_PassHash)?

Jonesy96
07/07/2016, 04:05 PM
As well as hashing your password with Whirlpool (Great choice and recommendation btw), you should really look at adding a salt to the password before hasing it with Whirlpool.

As far as I know, there are no known decryption methods for Whirlpool, however it is still vulnerable to a brute force attack, as it's just comparing the hash with a bunch of other hash's that do not have a salt attached.

Hope that makes sense. Those tutorials above will help you^

oMa37
07/07/2016, 04:20 PM
Why not just using SHA256_PassHash (https://wiki.sa-mp.com/wiki/SHA256_PassHash)?

I have a question regarding this PassHash
If i register with a password like this "PaSSworD", Will it work if i login with "password" ?
Also can i do this with the WP_Hash?

Stinged
07/07/2016, 04:22 PM
I have a question regarding this PassHash
If i register with a password like this "PaSSworD", Will it work if i login with "password" ?
Also can i do this with the WP_Hash?

No, hashing is case sensitive (Both WP_Hash and SHA256_PassHash)

Whirlpool was the best option before SA-MP adding SHA256_PassHash in 0.3.7, but now I just don't see a reason why Whirlpool should be used.
They're both secure enough for passwords.

oMa37
07/07/2016, 04:29 PM
No, hashing is case sensitive (Both WP_Hash and SHA256_PassHash)

Whirlpool was the best option before SA-MP adding SHA256_PassHash in 0.3.7, but now I just don't see a reason why Whirlpool should be used.
They're both secure enough for passwords.

Alright, Thanks.
I will start using SHA256_PassHash, To save a password in the register dialog, something like this? :/

SHA256_PassHash(Info[playerid][Password], "78sdjs86d2h", 129, inputtext);

Stinged
07/07/2016, 04:47 PM
Alright, Thanks.
I will start using SHA256_PassHash, To save a password in the register dialog, something like this? :/

SHA256_PassHash(Info[playerid][Password], "78sdjs86d2h", 129, inputtext);


It should be like this:
SHA256_PassHash(inputtext, "78sdjs86d2h", Info[playerid][Password], 65);

You should also use a random salt and save it with the player data, it's a lot more secure.

oMa37
07/07/2016, 05:16 PM
It should be like this:
SHA256_PassHash(inputtext, "78sdjs86d2h", Info[playerid][Password], 65);

You should also use a random salt and save it with the player data, it's a lot more secure.

And to check if it's right on the login dialog?
Sorry for my questions, I have never used this :)

Stinged
07/07/2016, 05:36 PM
And to check if it's right on the login dialog?
Sorry for my questions, I have never used this :)

You load the salt and password, and then you hash the inputtext with the same salt.
After that, you compare the loaded password and the newly hashed one.