Current implemented hash functions are total crap

Let's take a look at current MTA:SA hash functions:

  • MD5 - old algorithm with many vulnerabilities - http://en.wikipedia.org/wiki/MD5#Security
  • I believe there also was a SHA1 function, but it got replaced with
  • SHA256 - the computing power required to crack it isn't that expensive

The most important feature of a good hashing algorithm is high expensiveness. They are slow, so it's harder to crack them. Current hashing functions implemented in MTA:SA are shit. Even the un-salted SHA256 isn't enough (a Polish website that used such a hashing method got hacked and the passwords were easily cracked - info in Polish).

This is why I think that MTA should natively implement bcrypt/scrypt OR someone should implement it. I tried. I suck at C++. If anyone could help me fix this, please fork it and find what's wrong: https://github.com/pzduniak/mtasa-bcrypt

Right now I bet that over half of the servers wouldn't be able to protect the players' passwords in case of getting hacked. And I find it sad.

Link to comment