LonelyRoad Posted May 10, 2014 Share Posted May 10, 2014 I've considered my options and chatted with a few friends about the topic, but basically I am trying to make a remember me script for my login system. I have decided how I want to do it, and hence I now need advice as to the best method of password encryption...I have been looking at using teaEncode + teaDecode but I don't know how safe these are? Is there a better implementation I could use..? P.S: Could anyone verify if teaDecode takes the args as follows: result of teaEncode() and key? Eg. teaEncode("lolwat", "derpderp") returns 12345 So that means teaDecode("12345", "derpderp") returns lolwat? Link to comment
Castillo Posted May 10, 2014 Share Posted May 10, 2014 Yes, that's the correct syntax for teaDecode, I just tested it. If I understood correctly, you want to use this encryption method just to save the password for your login system, so you don't have to write the password each time, I guess these should do just fine. Link to comment
LonelyRoad Posted May 10, 2014 Author Share Posted May 10, 2014 Sounds good to me, thankyou for testing it Snake. I am going to go ahead and implement it tonight, I think. Link to comment
Atton Posted August 27, 2014 Share Posted August 27, 2014 I've considered my options and chatted with a few friends about the topic, but basically I am trying to make a remember me script for my login system.I have decided how I want to do it, and hence I now need advice as to the best method of password encryption...I have been looking at using teaEncode + teaDecode but I don't know how safe these are? Is there a better implementation I could use..? P.S: Could anyone verify if teaDecode takes the args as follows: result of teaEncode() and key? Eg. teaEncode("lolwat", "derpderp") returns 12345 So that means teaDecode("12345", "derpderp") returns lolwat? You should hash and compare passwords rather than encrypting them.This video would explain it be better than I can. Sorry for bumping this topic but it is some what important. Link to comment
myonlake Posted August 27, 2014 Share Posted August 27, 2014 Whatever you do, never share the key with the client. Link to comment
LonelyRoad Posted September 23, 2014 Author Share Posted September 23, 2014 Well the method I am looking to rebuild and implement now is basically a 2 step process: 1) You type your username and password, and select remember me. 2) Your password is encrypted against your MTA Serial (see link) - with some random mambo-jambo stirred into the mix, and stored locally on your machine in a .xml file. Then whenever you connect, I can verify your .xml file and allow you to proceed with login. EDIT: I should probably point out that contrary to what myonlake said, all of this was going to happen on the client. Probably without the mambo jambo... I am trying to adapt my login system to cater for this system now, and its proving to be a lot more code than I initially expected, but I am wondering if there is any different/easier/better implementations I could potentially use? Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now