SA-MP Forums

Go Back   SA-MP Forums > SA-MP Server > Server Support

Reply
 
Thread Tools Display Modes
Old 10/09/2018, 12:32 PM   #11
Sithis
Gangsta
 
Join Date: Mar 2013
Location: the Netherlands
Posts: 924
Reputation: 79
Default Re: Fix my brains please - Account passwords

Probably means they are either pure shit and don't hash your password at all, in which case you should leave their server because they obviously don't care about security at all.

Other scenario is that they hash your passwords but without a salt or the same salt for every account. In that case they have no idea what they are doing but it seems plausible this is just because of their lack of knowledge. You can either attempt to suggest them how it should be done or just leave the server.

In any decent setup, the stored passwords are hashed with a decent cipher (SHA-256 or above) and have a unique salt per account. Even better would be if they repeated the process multiple times to create a stronger hash (stretching), however that's optional IMHO.
__________________
Developer and owner of https://trinityrpg.com
Sithis is offline   Reply With Quote
Old 14/09/2018, 03:58 PM   #12
NoahF
Gangsta
 
NoahF's Avatar
 
Join Date: Jul 2012
Location: USA
Posts: 889
Reputation: 38
Default Re: Fix my brains please - Account passwords

Account security is the responsibility of server owners and developers. Unfortunately, this is often overlooked and rushed. Sorry you had to endure that. Poor ownership and development!
NoahF is offline   Reply With Quote
Old 14/09/2018, 04:01 PM   #13
ShihabSoft
Banned
 
Join Date: Jun 2016
Posts: 163
Reputation: 8
Default Re: Fix my brains please - Account passwords

As many of 'em mentioned. Most of the GMs which are released after 2k14 uses the whirlpool or some sorta password hashing system.

He must have compared your's and your brother's password hashes and warned you to change it. But that's really none of one's business, even if he's the server owner. If he knows your exact password, then possibly the passwords are stored plain or the server must be collecting your passwords in a separate log or some sort. I'd advice not to use the same password for different servers, including the passwords which are associated with any of your non samp accounts like Gmail, ********, etc.

There's a HIGH RISK in it. Be safe!
ShihabSoft is offline   Reply With Quote
Old 24/09/2018, 11:26 PM   #14
AdamCooper
Banned
 
Join Date: Oct 2011
Location: Israel
Posts: 219
Reputation: 7
Default Re: Fix my brains please - Account passwords

You can see if the HASH is the same no need to see your password.
useless thread..
AdamCooper is offline   Reply With Quote
Old 24/09/2018, 11:36 PM   #15
ConnorW
Big Clucker
 
ConnorW's Avatar
 
Join Date: Apr 2012
Posts: 108
Reputation: 47
Default Re: Fix my brains please - Account passwords

Quote:
Originally Posted by NoahF View Post
Account security is the responsibility of server owners and developers. Unfortunately, this is often overlooked and rushed. Sorry you had to endure that. Poor ownership and development!
I totally agree with you. Also nowadays you see a lot of upcoming projects handled by immature people.
ConnorW is offline   Reply With Quote
Old 25/09/2018, 12:46 AM   #16
v1k1nG
Huge Clucker
 
v1k1nG's Avatar
 
Join Date: Feb 2018
Posts: 411
Reputation: 31
Default Re: Fix my brains please - Account passwords

Quote:
Originally Posted by AdamCooper View Post
You can see if the HASH is the same no need to see your password.
useless thread..
Hello mr developer. What is password salting to you?
EDIT: And you are offering online services too?

Quote:
Originally Posted by ConnorW View Post
I totally agree with you. Also nowadays you see a lot of upcoming projects handled by immature people.
True
v1k1nG is offline   Reply With Quote
Old 25/09/2018, 03:18 AM   #17
Zeus666
Gangsta
 
Join Date: Mar 2015
Posts: 680
Reputation: 50
Default Re: Fix my brains please - Account passwords

you just made me change every social media + every password on any website

at 05:00 morning. good job
Zeus666 is offline   Reply With Quote
Old 25/09/2018, 05:02 AM   #18
AdamCooper
Banned
 
Join Date: Oct 2011
Location: Israel
Posts: 219
Reputation: 7
Default Re: Fix my brains please - Account passwords

Well first of all its obvious you wont insert your paypal email and password as your SAMP account unless you brainless.

Second and I will say this again and explain your more good mr.sarcasm :
My password : 123456 = HASH password AS23%SS ==== Your password : 123456 = HASH password:AS23%SS
AdamCooper is offline   Reply With Quote
Old 25/09/2018, 11:40 AM   #19
ConnorW
Big Clucker
 
ConnorW's Avatar
 
Join Date: Apr 2012
Posts: 108
Reputation: 47
Default Re: Fix my brains please - Account passwords

Quote:
Originally Posted by AdamCooper View Post
Well first of all its obvious you wont insert your paypal email and password as your SAMP account unless you brainless.

Second and I will say this again and explain your more good mr.sarcasm :
My password : 123456 = HASH password AS23%SS ==== Your password : 123456 = HASH password:AS23%SS
It doesn't matter bro, there's a lot ways to get your password even if it's hashed, let's say at the login dialog, you simply add a
PHP Code:
new string[64]; format(stringsizeof(string), "%s"inputtext); printf(string); 
and walah the developer/owner got your password, the only way to avoid that, just don't use the same password you use in other platforms.

EDIT: Basically, there are servers around which they don't use HASH for password, they just don't touch them, but when there are more than three people, having access to your database or files, the owner should hash the password, just to avoid "account hacking" later on if there any conflict happened.
ConnorW is offline   Reply With Quote
Old 25/09/2018, 02:39 PM   #20
v1k1nG
Huge Clucker
 
v1k1nG's Avatar
 
Join Date: Feb 2018
Posts: 411
Reputation: 31
Default Re: Fix my brains please - Account passwords

Quote:
Originally Posted by AdamCooper View Post
Well first of all its obvious you wont insert your paypal email and password as your SAMP account unless you brainless.
Since you do not salt passwords and act like this, I would be brainless in registering an account in one of your services too. Despite of the service, my informations are mine and so they are private and need to be protected!

Quote:
Originally Posted by AdamCooper View Post
Second and I will say this again and explain your more good mr.sarcasm :
My password : 123456 = HASH password AS23%SS ==== Your password : 123456 = HASH password:AS23%SS
In 2 posts you are repeating the same thing. Everyone here knows that, no one here in this thread is asking how hashing works. The thread is about people thoughts about all these people (like you, it seems) telling people "register register register an account! my services: bla bla bla" to earn money but then you do not even know how to manage passwords properly.
And since this is a dev forums, this is even worse, since not only passwords are info to protect and keep secret.

Now I do not even know you, but please learn how to manage users' data proeprly. Peace.
v1k1nG is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[Include] sampfw - account.inc | Dynamic player account data (loading & saving) nG Inverse Includes 0 11/09/2017 01:24 AM
[Y_INI]Registering with another account loads previous playerid account xXmAn40100Xx Scripting Help 6 10/08/2015 07:38 PM
Problem with saving account passwords nicholasramdhan Scripting Help 20 24/03/2015 06:55 AM
[GameMode] Basic MySQL Account Script [MySQL R7, cache functions, easydialog, Whirlpool, salted passwords] ReneG Gamemode Scripts 71 02/03/2014 12:48 PM
Use of brains. SaW Everything and Nothing 42 07/02/2011 06:41 PM


All times are GMT. The time now is 04:29 PM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.