Jump to content

Encryption of account data for client-side storage


Recommended Posts

I've considered my options and chatted with a few friends about the topic, but basically I am trying to make a remember me script for my login system.

I have decided how I want to do it, and hence I now need advice as to the best method of password encryption...I have been looking at using teaEncode + teaDecode but I don't know how safe these are? Is there a better implementation I could use..?

P.S: Could anyone verify if teaDecode takes the args as follows: result of teaEncode() and key?

Eg. teaEncode("lolwat", "derpderp") returns 12345

So that means teaDecode("12345", "derpderp") returns lolwat?

Link to comment

Yes, that's the correct syntax for teaDecode, I just tested it.

If I understood correctly, you want to use this encryption method just to save the password for your login system, so you don't have to write the password each time, I guess these should do just fine.

Link to comment
  • 3 months later...
I've considered my options and chatted with a few friends about the topic, but basically I am trying to make a remember me script for my login system.

I have decided how I want to do it, and hence I now need advice as to the best method of password encryption...I have been looking at using teaEncode + teaDecode but I don't know how safe these are? Is there a better implementation I could use..?

P.S: Could anyone verify if teaDecode takes the args as follows: result of teaEncode() and key?

Eg. teaEncode("lolwat", "derpderp") returns 12345

So that means teaDecode("12345", "derpderp") returns lolwat?

You should hash and compare passwords rather than encrypting them.

This video would explain it be better than I can.

Sorry for bumping this topic but it is some what important.

Link to comment
  • 4 weeks later...

Well the method I am looking to rebuild and implement now is basically a 2 step process:

1) You type your username and password, and select remember me.

2) Your password is encrypted against your MTA Serial (see link) - with some random mambo-jambo stirred into the mix, and stored locally on your machine in a .xml file.

Then whenever you connect, I can verify your .xml file and allow you to proceed with login.

EDIT:

I should probably point out that contrary to what myonlake said, all of this was going to happen on the client. Probably without the mambo jambo...

I am trying to adapt my login system to cater for this system now, and its proving to be a lot more code than I initially expected, but I am wondering if there is any different/easier/better implementations I could potentially use?

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...