SA-MP Forums

Go Back   SA-MP Forums > SA-MP Server > Server Support

Reply
 
Thread Tools Display Modes
Old 07/09/2018, 11:37 AM   #1
v1k1nG
Huge Clucker
 
v1k1nG's Avatar
 
Join Date: Feb 2018
Posts: 435
Reputation: 31
Default Fix my brains please - Account passwords

Hello everyone, hope you're doing alright.

I have this case to submit to you guys:
Yesterday, on a SAMP server, an admin banned me for multi-accounting (because we are 2 with this IP playing) and I had to open a thread on their forums to get unbanned.
After "solving" this, this admin guy, before locking the thread, wrote "change your password".
What, did he get his nose into my account info and also read my password? Really?

Answer is.. yes, he probably did. He told me "You and your brothers are using the same passwords" using that admin tone.
Personally I didn't and I don't like this at all, this is no shit and everyone here knows.

Now, the scenarios are mainly 4:

1 - They do NOT hash passwords,
2 - Administrators have the "tools" to un-hash the passphrase,
3 - The hash is so simple that g00gle search can decrypt your passwords,
Quote:
Originally Posted by Mauzen View Post
4 - They hash passwords. Maybe salt them, but with a global salt. Same hashs mean same passwords then.
What are your thoughts?

Last edited by v1k1nG; 25/09/2018 at 12:50 AM.
v1k1nG is offline   Reply With Quote
Old 07/09/2018, 12:13 PM   #2
Johny32
Big Clucker
 
Johny32's Avatar
 
Join Date: Dec 2012
Location: Greece
Posts: 175
Reputation: 25
Default Re: Fix my brains please - Account passwords

This is really disrespectful, admins represent the server.
About the hash well.. this is why some people advise you to use a different password for every site/service.
If I was you I would probably get the hell out of their server or that is me.
That's my opinion though oh about the hash they could probably check if both of the hashes match but the fact they expose these type of information lol..
Have a nice day mate.
__________________
Jake Randall - John Vasileiou - JohnnyV
Global surveillance
Johny32 is offline   Reply With Quote
Old 07/09/2018, 01:01 PM   #3
iKarim
Banned
 
Join Date: Oct 2015
Posts: 579
Reputation: 142
Default Re: Fix my brains please - Account passwords

I wouldn't expect any better from a SA-MP server and I am not sure why you would be surprised either. Most of the servers you join doesn't handle user data privacy (or passwords for this case) properly.
iKarim is offline   Reply With Quote
Old 07/09/2018, 01:36 PM   #4
Variable™
Gangsta
 
Join Date: Jul 2015
Posts: 792
Reputation: 179
Default Re: Fix my brains please - Account passwords

Talking about my thoughts, I would regret playing in such server where someone would be telling me what my password is or if I have to change it. If my password is '123', it is my business. If the administrators have access to passwords then this is hilarious, whether they have a command to compare passwords or the passwords aren't hashed, this is all shit.

The ban is invalid in the first place, having multiple accounts shouldn't hurt them unless one of the accounts is banned which I highly doubt.
__________________
Discord | Website
Variable™ is offline   Reply With Quote
Old 07/09/2018, 03:23 PM   #5
iLearner
Gangsta
 
iLearner's Avatar
 
Join Date: Apr 2017
Posts: 577
Reputation: 134
Default Re: Fix my brains please - Account passwords

maybe he checked the hashes and they were the same?
iLearner is offline   Reply With Quote
Old 07/09/2018, 03:24 PM   #6
Mauzen
Banned
 
Join Date: Jun 2007
Location: Western Germany
Posts: 4,880
Reputation: 1597
Default Re: Fix my brains please - Account passwords

4. They hash passwords. Maybe salt them, but with a global salt. Same hashs mean same passwords then.
Mauzen is offline   Reply With Quote
Old 07/09/2018, 05:03 PM   #7
v1k1nG
Huge Clucker
 
v1k1nG's Avatar
 
Join Date: Feb 2018
Posts: 435
Reputation: 31
Default Re: Fix my brains please - Account passwords

Quote:
Originally Posted by iKarim View Post
I wouldn't expect any better from a SA-MP server and I am not sure why you would be surprised either. Most of the servers you join doesn't handle user data privacy (or passwords for this case) properly.
I am not only surprised, but totally amazed by the lack of interest about our personal infos. The server management accept donations too, and do not even care about your "secret word".
That admin I was talking about is a random admin whose skills are all about using admin commands in game. Why does he have the chance of getting these personal infos?
Also, I learnt on this forum to never never put online any of my projects without ensuring myself the register/login system was correctly working and passwords were encrypted.

Quote:
Originally Posted by iLearner View Post
maybe he checked the hashes and they were the same?
Possible, yet any good.

Quote:
Originally Posted by Mauzen View Post
4. They hash passwords. Maybe salt them, but with a global salt. Same hashs mean same passwords then.
Damn, obv!
Will add your quote in 1st post, thanks I didn't think about that when posting!

Thanks for posting guys, I was starting to think I was the alien lol.
v1k1nG is offline   Reply With Quote
Old 07/09/2018, 05:12 PM   #8
darkhunter332
Huge Clucker
 
darkhunter332's Avatar
 
Join Date: Aug 2013
Posts: 273
Reputation: 41
Default Re: Fix my brains please - Account passwords

Most of the old scripts, YINI scripts have no hashed passwords,
Therefor we need to change passwords each server we play on.

I agree with you, very immature.
darkhunter332 is offline   Reply With Quote
Old 07/09/2018, 05:50 PM   #9
Hunud
Gangsta
 
Hunud's Avatar
 
Join Date: Jun 2016
Location: Right here.
Posts: 596
Reputation: 57
Default Re: Fix my brains please - Account passwords

You tried to complain against this administrator ? If they keep doing that just leave this community.
Hunud is offline   Reply With Quote
Old 07/09/2018, 05:59 PM   #10
v1k1nG
Huge Clucker
 
v1k1nG's Avatar
 
Join Date: Feb 2018
Posts: 435
Reputation: 31
Default Re: Fix my brains please - Account passwords

Yes Hunud, I am waiting for its developer to tell me though, he is a member here.
v1k1nG is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[Include] sampfw - account.inc | Dynamic player account data (loading & saving) nG Inverse Includes 0 11/09/2017 01:24 AM
[Y_INI]Registering with another account loads previous playerid account xXmAn40100Xx Scripting Help 6 10/08/2015 07:38 PM
Problem with saving account passwords nicholasramdhan Scripting Help 20 24/03/2015 06:55 AM
[GameMode] Basic MySQL Account Script [MySQL R7, cache functions, easydialog, Whirlpool, salted passwords] ReneG Gamemode Scripts 70 02/03/2014 12:48 PM
Use of brains. SaW Everything and Nothing 42 07/02/2011 06:41 PM


All times are GMT. The time now is 04:07 PM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.