More secure login file

Original Post

scorpionma

Jan 7, 2013

scorpionma

Forumite

Join Date: Sep 2011

Jan 7, 2013

More secure login file

will you all know how to get a toribash user password from a computer
you only go to login.dat and open it!
it is unsecure!
so how about making it a little harder!
there is a billion way to encrypt!
example:
md5
ex to md5:
scorpionma=8f38c4ab6f490b609f2aafe113f2e125
toribash=7aef8141831aabe4590819eef635fe52
another examle about encrypting
Hashing Encryption:
ex:apache-htpasswd
toribash:3d5545fb6463546ed6167744eda54464

all others:

INB4 14 days ban

Quote

KZero07

Jan 7, 2013

KZero07

Senior Member

Join Date: Jul 2010

Jan 7, 2013

I support this.
There was a time when i was downloading old versions of the game from other sites and the log in data of the one who uploaded it was still there and still accessible. Though these are responsibilities of the ones who uploaded it, it would somehow lessen the reports on hacked accounts.

~knight zero~

Quote

*SkulFuk

Jan 8, 2013

*SkulFuk

Join Date: Mar 2008

Jan 8, 2013

If only. Yet another thing we've bugged hampa about to no avail.

<Erf> SkulFuk: gf just made a toilet sniffing joke at me
<Erf> i think
<Erf> i think i hate you

Quote

Dinis

Jan 8, 2013

Dinis

Join Date: Jul 2009

Jan 8, 2013

You realize md5 is easily decrypted, don't you?

IF you are going to do this, at least use salts.

Quote

MrOMGWTF

Jan 31, 2013

MrOMGWTF

Junior Member

Join Date: Dec 2012

Jan 31, 2013

Originally Posted by Dinis

You realize md5 is easily decrypted, don't you?

IF you are going to do this, at least use salts.

Back to the thread, this is hilarious.
The only moment when your login and password is used, is when the client joins the server. When you log in, it actually doesn't log you in, it just copies your login and password to the memory.

When you join a server, the client sends a MLOGIN packet. It's composed like that:

mlogin login pass_md5

It sends your login and password, but the password is in MD5! So why not just save the password in md5 already? lol. I've never had such a funny time when reversing an exe.

Quote

Regent101

Jan 8, 2013

Regent101

Senior Member

Join Date: Jan 2013

Jan 8, 2013

This holds a valid point. Whenever i forgot my pass i would just open that file to save time. :3

We're all going to Hell, we may as well go out in style
Death is a promise, and your life is a fucking lie

Quote

HunnKhan

Jan 8, 2013

HunnKhan

Member

Join Date: Jan 2012

Jan 8, 2013

Increasing login safety is sure a good thing

Quote

scorpionma

Jan 8, 2013

scorpionma

Forumite

Join Date: Sep 2011

Jan 8, 2013

Originally Posted by dinis

You realize md5 is easily decrypted, don't you?

IF you are going to do this, at least use salts.

i realize but
80% dont no how i know its easy
maybe someone wants to view it quick
see the login file and then relize it is encrypted then he goes
or maybe a full page of ussuless thing to make the reader get bored or get confused
and that was just an example
i know there is more secure

INB4 14 days ban

Quote

+suomynona

Jan 9, 2013

+suomynona

Join Date: Jan 2007

Jan 9, 2013

The problem remains in that the login file, no matter how it's encrypted, is equally vulnerable and valuable to theft in one manner or another.

Also, SkulFuk, when's the last time this has actually been a problem?

Squad Squad Squad lead?
The standardization of Toribash Squad roles may have gone too far!

Quote

*SkulFuk

Jan 9, 2013

*SkulFuk

Join Date: Mar 2008

Jan 9, 2013

Originally Posted by suomynona

Also, SkulFuk, when's the last time this has actually been a problem?

2-3 month since the last "widespread" issue from it.

<Erf> SkulFuk: gf just made a toilet sniffing joke at me
<Erf> i think
<Erf> i think i hate you

Quote

« Previous Thread | Next Thread »

Log in / Register

Inventory

Market

Clans

Ranking

Merch

Inventory

Store

Market

Clans

Community

Ranking

Merch