
Password Encryption


Compa


Due to backwards compatibility, the password hash is a bit more complex.

The first 64 characters contain the SHA256 hash, followed by one character representing the hash type (old/new version) and finally the 32-character salt.

I wrote the following function some time ago:

function checkPassword(dbPassword, inputPassword)
    -- Stored format: 64-char SHA256 hash + 1-char hash type + 32-char salt (97 chars)
    if type(dbPassword) ~= "string" or #dbPassword ~= 97 then
        return false
    end

    -- Named hashType so the built-in type() is not shadowed
    local hashType = dbPassword:sub(65, 65)
    local salt = dbPassword:sub(-32)

    if hashType == "1" then
        -- Old version
        return sha256(salt..md5(inputPassword))..hashType..salt == dbPassword

    elseif hashType == "0" then
        -- New version
        return sha256(salt..inputPassword)..hashType..salt == dbPassword
    end

    return false
end

By the way: Encryption != hashing

  • 4 weeks later...

A simpler method is an account migration system: a column called "migration" which is set to the version of the password hash (before you migrate, it would be 0; when you need to change the hash/salt, it would be increased by 1 per player as they are migrated. The new default would be 1).

When the player logs into the server, say "Your account needs to be migrated to the new system in order to continue. Please re-enter your password."

Then the password which they enter is confirmed with their original password from the old database. If it's the same, then use the password they just entered to hash it into their new database account. Then set their "migration" value to "1". Build this into a migration system to support multiple versions. Something like:

 migrateEvent[1] = function() --[[ ... change from md5 to sha ... ]] end
 migrateEvent[2] = function() --[[ do this or that ]] end
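
The two posts above combined, as an added example that is not part of either post: a Python sketch that verifies the 97-character legacy string (hash, type, salt) with a constant-time comparison and, on a successful login, re-hashes the entered password and sets "migration" to 1. Assumptions: hex digests are lowercase, the new scheme is PBKDF2-HMAC-SHA256 with the round count shown, accounts are plain dicts, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumed work factor for the new scheme


def legacy_digest(hash_type, salt, password):
    """Recompute the 64-char SHA-256 part of the legacy format."""
    pw = password.encode()
    if hash_type == "1":    # old version: sha256(salt .. md5(password))
        inner = hashlib.md5(pw).hexdigest().encode()
    elif hash_type == "0":  # new version: sha256(salt .. password)
        inner = pw
    else:
        return None         # unknown type character
    return hashlib.sha256(salt.encode() + inner).hexdigest()


def check_legacy(db_password, password):
    """Verify against hash(64) + type(1) + salt(32); anything else fails."""
    if len(db_password) != 97:
        return False
    stored, hash_type, salt = db_password[:64], db_password[64], db_password[65:]
    expected = legacy_digest(hash_type, salt, password)
    # compare_digest does not stop at the first mismatching byte
    return expected is not None and hmac.compare_digest(
        expected.encode(), stored.lower().encode())


def new_record(password):
    """Build the migrated record with a fresh random salt."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"migration": 1, "salt": salt.hex(), "hash": dk.hex()}


def login(account, password):
    """Return (ok, account); a legacy account is replaced on success only."""
    if account["migration"] == 0:
        if not check_legacy(account["password"], password):
            return False, account       # failed logins never migrate
        return True, new_record(password)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(account["salt"]), PBKDF2_ROUNDS)
    return hmac.compare_digest(dk.hex(), account["hash"]), account
```

The caller persists the returned account, so the legacy string is dropped from storage the first time its owner logs in.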
