Compa Posted October 20, 2013

Does anyone know how MTA encrypts passwords? From what I knew it was SHA256. But the hashes in our database aren't the same as SHA256. Server is currently running on 1.3.4.

Castillo Posted October 20, 2013

As far as I know, the new encryption is SHA256, but I'm not sure.

Compa Posted October 20, 2013

> As far as I know, the new encryption is SHA256, but I'm not sure.

Thought that too. Just found this: "Changed account passwords to use salted sha256" https://wiki.multitheftauto.com/wiki/Changes_in_1.3.2

Now I need to find out which salt it's using.

TAPL Posted October 20, 2013

MTA passwords are encrypted with sha256. This function is the same thing. https://wiki.multitheftauto.com/wiki/Sha256

Compa Posted October 20, 2013

> MTA password is encryption with sha256. This function is same thing. https://wiki.multitheftauto.com/wiki/Sha256

Ye, but the MTA passwords are using a salt too. If you have password "123456", sha256("123456") will return another hash than the one stored in the database.

Jaysds1 Posted October 21, 2013

Sorry, why do you need this info?

Compa Posted October 21, 2013

> Sorry, why do you need this info?

Going to migrate a database, building a custom register/login system.

ixjf Posted October 21, 2013 (edited November 18, 2013 by Guest)

Ignore this post, own stupidity.

Jusonex Posted October 21, 2013

Due to backwards compatibility, the password hash is a bit more complex. The first 64 characters contain the SHA256 hash, followed by one character representing the hash type (old/new version) and finally the 32-char salt. I wrote the following function some time ago:

```lua
-- sha256() and md5() are MTA's built-in scripting functions.
function checkPassword(dbPassword, inputPassword)
    -- Stored format: 64-char SHA256 hash + 1-char hash type + 32-char salt
    if type(dbPassword) ~= "string" or #dbPassword ~= 97 then
        return false
    end

    local hashType = dbPassword:sub(65, 65)
    local salt = dbPassword:sub(-32)

    if hashType == "1" then -- Old version
        return sha256(salt..md5(inputPassword))..hashType..salt == dbPassword
    elseif hashType == "0" then -- New version
        return sha256(salt..inputPassword)..hashType..salt == dbPassword
    end
    return false
end
```

By the way: Encryption != hashing

Compa Posted October 22, 2013

Nice snippet. It's working perfectly.

qaisjp Posted November 18, 2013

A simpler method is an account migration system, a column called "migration" which is set to the version of the password hash (before you migrate, it would be 0, when you need to change hash/salt it would be added by 1 per player as migrated. The new default would be 1).

When the player logs into the server say "Your account needs to be migrated to the new system in order to continue. Please re-enter your password." Then the password which they enter is confirmed with their original password from the old database. If it's the same then use the password they just entered to hash it into their new database account. Then set their "migration" value to "1".

Build this into a migration system to support multiple versions. Something like

```lua
local migrateEvent = {}

migrateEvent[1] = function()
    -- ... change from md5 to sha ...
end

migrateEvent[2] = function()
    -- do this or that
end
```

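The hash layout from Jusonex's post and the migrate-on-login idea from qaisjp's post combined, as an added example that is not from the thread or from MTA: a Python port for an external login system. Assumptions: MTA's md5()/sha256() return uppercase hex, and the account dict fields, the PBKDF2 target format and its iteration count are hypothetical.

```python
import hashlib
import hmac
import os

def sha256_hex(text):
    # Assumption: MTA's sha256()/md5() return uppercase hex strings.
    return hashlib.sha256(text.encode("utf-8")).hexdigest().upper()

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest().upper()

def check_legacy(db_password, input_password):
    """Verify against the thread's layout: 64-char hash, 1-char type, 32-char salt."""
    if len(db_password) != 97:
        return False
    stored, hash_type, salt = db_password[:64], db_password[64], db_password[65:]
    if hash_type == "1":    # old version: sha256(salt .. md5(password))
        computed = sha256_hex(salt + md5_hex(input_password))
    elif hash_type == "0":  # new version: sha256(salt .. password)
        computed = sha256_hex(salt + input_password)
    else:
        return False
    return hmac.compare_digest(computed.encode(), stored.encode())  # constant-time

def new_hash(password, salt=None):
    """Hypothetical target format for the custom system: hex salt + '$' + PBKDF2 key."""
    salt = salt or os.urandom(16)
    # 600_000 iterations is an assumed work factor; tune it for your hardware.
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 600_000)
    return salt.hex() + "$" + key.hex()

def check_new(stored, password):
    salt = bytes.fromhex(stored.partition("$")[0])
    return hmac.compare_digest(new_hash(password, salt).encode(), stored.encode())

def login(account, password):
    """account: dict with 'password' and 'migration' (0 = legacy MTA hash, 1 = migrated)."""
    if account["migration"] == 0:
        if not check_legacy(account["password"], password):
            return False
        account["password"] = new_hash(password)  # rehash what the player just entered
        account["migration"] = 1
        return True
    return check_new(account["password"], password)

if __name__ == "__main__":
    salt = "0123456789ABCDEF0123456789ABCDEF"  # constructed sample salt
    acct = {"password": sha256_hex(salt + "123456") + "0" + salt, "migration": 0}
    print(login(acct, "wrong"), login(acct, "123456"), acct["migration"])
```

The legacy record is only replaced after a successful check, so a failed login leaves the account at migration 0.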