Jesseunit, posted February 1, 2013

Introduction

I decided to release this useful script to make players feel more safe when registering an account. Even server owners won't know your password unless they know your own personal key. Also... It's the 21st century, almost every legit website is using this way of encryption. (Except banks, they use an RSA encryption to decrypt your data.)

How it works

If a player joins for the first time, a file will be created on his/her PC containing a key that will be used to decrypt his/her password the next time he/she logs in. When a player registers an account, the submitted password will be encrypted into a 100% impossible-to-decrypt string. This is what it'll look like:

o Rk?PL$Dh2[;G3J8HlScL_NdDL#:)K~`tZJ)NPlTfRa9#]8xA

(The client won't be able to see this code because it'll be stored in a database, preferably a MySQL database.)

Now, the question that remains is: 'What is the key being used for?' Well, the key is being used to randomize the encrypted string and to decrypt the encrypted string later on when you log in again. This is what the key looks like:

<keys>
    <key value="[ [ 7, 12, 28, 13, 34 ] ]"></key>
</keys>

Download: Coming soon, I'm making it more user-friendly at the moment.

FAQ

Q: I deleted my key, how do I recover it?
A: Once your key is deleted, it's not possible to recover it. Unless it's in your rubbish bin.

Q: If someone breaks into my database, can they decrypt and steal everyone's password?
A: No, unless the 'infiltrator' knows every single individual key.

Q: Passwords are already salted by default, this resource is useless!
A: Passwords are only salted if you're using MTA's integrated account system.

* Note: This post will be updated.

myonlake, posted February 2, 2013

This is kinda basic stuff for those who have to deal with website encryption every day - for example myself. But I am glad you are making it available for download and I am happy to know that someone else thinks the same way as I do ;P

You could make it so that every time the player logs in or joins the server, the key will change to a new one and so on, you probably know what I mean. That would improve the security on the client as well, even though it is kind of "impossible" to decrypt the password (nothing is impossible, if someone is able to use a super-computer and run through millions of queries testing the password OR has the ability to use the client's computer, then it's decrypted in no time).

But I'm not saying that this isn't a better system than other systems out there available for download on community or GitHub or so. Good job.

Jesseunit (author), posted February 2, 2013

Thank you for stating your opinion, myonlake. I'll look into your suggestion.

Anderl, posted February 2, 2013

This can be easily made/found on internet ( but needs some changes ). Good job, anyway.

Jesseunit (author), posted February 2, 2013

> This can be easily made/found on internet ( but needs some changes ). Good job, anyway

That's where I found it in the first place, Anderl. But it was easy to bypass so I made some changes to it. Such as player keys for example.