(login remember me system)Are MTA Serials 'reliably unique'?

[LonelyRoad]

Hey all,

Are MTA Serials reliably unique? I've been developing a login/register system and I was thinking about implementing a remember me option or an autologin based on the user's serial.

I want to know how 'safe' this would be, or if it is better to generate my own hash and identify them based on that instead?

[ixjf]

There is a very small risk of serial conflicts. According to Talidan, approximately 500 other players have the same serial - that is a 0.1% conflict rate.

it's statistically possible to have conflicting serials

i did some statistics on it, and estimated a 0.1% conflict rate

so, given our playerbase of 500,000+ users, that means there are probably 500 other players in the world with your serial

[Alexs]

Hey all,

Are MTA Serials reliably unique? I've been developing a login/register system and I was thinking about implementing a remember me option or an autologin based on the user's serial.

I want to know how 'safe' this would be, or if it is better to generate my own hash and identify them based on that instead?

You can store data in private files using 'fileCreate'.

[Mr_Moose]

Autologin should be optional since some players might join from public computers, to make a unique identification you could probably combine multiple parameters for example serial and ip, otherwise the best solution is probably to store the account data on the users local computer by saving an xml file client side, just remember to encrypt passwords and other secret data.

[ixjf]

just remember to encrypt passwords and other secret data.

Why would you need to? It's the client's responsability to keep his files safe.

[Mr_Moose]

Don't be lazy, encryption isn't hard at all and some clients can't protect their files in a good way, what if they play on a computer with many other users too etc.. Anyway it's your own choice if you want to deal with angry users who lost their account due to bad security.

[ixjf]

It's not about being lazy, it's about who is responsible for what. If they tick a check box to remember details, they should know that anyone with access to the computer can at least log in to their account. That's how things have been done for a long time and I have rarely seen any issues with it so I don't see any real benefit from encrypting the password.

[Markeloff]

so, given our playerbase of 500,000+ users, that means there are probably 500 other players in the world with your serial

Impossible.

[Gallardo9944]

There are more than 500k serials possible though. But I don't use serials as a base for smth - there are situations when you are not using your own computer or got a new one.

[ixjf]

so, given our playerbase of 500,000+ users, that means there are probably 500 other players in the world with your serial

Impossible.

Is it, though? Are you saying you know better than the MTA developers themselves how their own system works? Would be nice if you could justify your opinion. Also, don't forget this is probability, not precise data.