
[QUESTION] bcrypt Authentication from Client


wilhelm


Hi all!

I'm wanting to make use of bcrypt to authenticate my users. passwordHash and passwordVerify appear to be set up to use this algorithm, but I have a slight problem.

My users will use a CEF-based interface to submit their login credentials to the client side. The client side then needs to send the credentials to the server to verify. I'm currently running passwordHash against the credentials on the client side before using triggerServerEvent to transmit them.

However, this results in two separate hash values being produced for the same input value (perhaps due to unique salting).

I've experimented slightly with using encodeString to temporarily encode the password before calling triggerServerEvent, and then decrypting on the server side - but how can I securely share the key with the server to decrypt on the other side?

I have considered switching to sha256, as this produces the same hashes no matter where it is called (client or server, etc.). But I feel this is less secure.


How can I make use of the passwordHash/passwordVerify in this situation while preserving security as much as possible?

TIA!
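The flow the post describes, written out as an added example (not code from the post or from MTA itself): bcrypt embeds a fresh random salt in every hash it returns, which is why two client-side passwordHash calls on the same password never match, and why the comparison has to be done with passwordVerify against the one hash that was stored at registration. The example assumes the client sends the password itself via triggerServerEvent, and the account store, event name and functions `registerAccount`, `checkLogin` and `saltingDiffers` are assumptions for illustration.

```lua
-- Added example for MTA:SA server-side Lua; passwordHash, passwordVerify,
-- addEvent, addEventHandler, outputChatBox, root and client are MTA built-ins.

-- Hypothetical in-memory store of bcrypt hashes keyed by account name
-- (constructed for the example; a real resource would use a database).
local storedHashes = {}

-- Registration: hash exactly once, on the server. The returned string
-- carries the algorithm, cost and random salt, so it is all that needs storing.
function registerAccount(name, password)
    local hash = passwordHash(password, "bcrypt", { cost = 10 })
    storedHashes[name] = hash
    return hash
end

-- Login: passwordVerify reads the salt out of the stored hash, recomputes
-- bcrypt over the submitted password, and compares. Hashes are never
-- compared for equality directly, so the client must not pre-hash.
function checkLogin(name, password)
    local hash = storedHashes[name]
    if not hash then
        return false -- unknown account; same outcome as a wrong password
    end
    return passwordVerify(password, hash)
end

-- Shows the behaviour observed in the post: two hashes of one password
-- differ (unique salts) yet both verify, so either is a valid stored value.
function saltingDiffers(password)
    local a = passwordHash(password, "bcrypt", { cost = 10 })
    local b = passwordHash(password, "bcrypt", { cost = 10 })
    local differ = (a ~= b)
    local bothVerify = passwordVerify(password, a) and passwordVerify(password, b)
    return differ, bothVerify
end

-- Server-side handler for the login event the client triggers
-- (event name "onAccountLogin" is assumed for this example).
addEvent("onAccountLogin", true)
addEventHandler("onAccountLogin", root, function(name, password)
    if checkLogin(name, password) then
        outputChatBox("Welcome, " .. name, client)
    else
        outputChatBox("Login failed", client)
    end
end)
```

The password travels from client to server inside MTA's own connection, so there is no separate key to share; what leaves the server is only the verification result.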
