Piotr Orange Zduniak Posted August 9, 2013 Share Posted August 9, 2013 Let's take a look at current MTA:SA hash functions: MD5 - old algorithm with many vurnerabilities - http://en.wikipedia.org/wiki/MD5#Security I believe there also was a SHA1 function, but it got replaced with SHA256 - the computing power required to crack it isn't that expensive The most important feature of a good hashing algorithm is the high expensiveness. They are slow, so it's harder to crack them. Current hashing functions implemented in MTA:SA are shit. Even the un-salted SHA256 isn't enough (a Polish website got hacked, used such hashing method, passwords got easily cracked - info in Polish). This is why I think that MTA should natively implement bcrypt/scrypt OR someone should implement it. I tried. I suck at C++. If anyone could help me fix this, please fork it and find what's wrong: https://github.com/pzduniak/mtasa-bcrypt Right now I bet that over half of the servers wouldn't be able to protect the players' passwords in case of getting hacked. And I find it sad. Link to comment
x86 Posted August 11, 2013 Share Posted August 11, 2013 I guess we should have a function like PHP has: http://php.net/crypt Link to comment
Jusonex Posted August 12, 2013 Share Posted August 12, 2013 If anyone could help me fix this, please fork it and find what's wrong: https://github.com/pzduniak/mtasa-bcrypt Done: https://github.com/Jusonex/mtasa-bcrypt/ Link to comment
Recommended Posts