SHA1 Crypt Variable?

Bubelbub · August 22, 2009

Sorry for my bad English.

I got the AuthSocket.cpp already viewed 1 hours.

But unfortunately only had the range found by the password is checked.

Can one of you to say which variable has the password?

The variable should be as normal SHA1 have no password.

Below, I have only:

if (! memcmp (M. AsByteArray (), lp.M1, 20))

found.

What meaning is the same password database> client.

Thanks in advance!

I translated the Text with a Translator, also Sorry ^^

Patman128 · August 23, 2009

Not sure what you said, but yes, the hash sent by client (if the username and password are correct) is the same as the one stored in the database.

Bubelbub · August 23, 2009

hmm

My English ^^:

I mean, the Variable, where the password is in...

Also, for Username is it:

_safelogin.c_str() < Variable

and

_login.c_str() < Variable

==

(const char*)ch->I;

What is the Variable for Password?

arrai · August 23, 2009

The password itself or even the hash (sha(name : password)) is never sent by the client. Instead, SRP-6 is used to authenticate the user: http://srp.stanford.edu/design.html

That protocol is unattackable by eavesdroppers

Bubelbub · August 23, 2009

Yes.

hash (sha(name : password)) is never sent by the client

The Client send the Passwort without SHA.

But what is the Variable for the Password (Blank (Without SHA1)).

davemm · August 23, 2009

the client NEVER sends the password, so there is no need to store the password in the server. The server does not need to know what the password is.

Bubelbub · August 23, 2009

LoL

The Server check the both passwords.

If the Client Password == The Server Password than login true.

Else false.

Or why i must in Client "Account Name" and "Account Password".

When the Password dont check, i mustnt it print, äh eingabe...

davemm · August 23, 2009

did you read what arrai said above?

do you know what SHA1 is?

do you know what SRP-6 is?

Try clicking the link arrai posted, it will explain SRP-6.

the client does NOT send the password to the server, it would be far to insecure. That is why SHA1 and SRP-6 are used.

Bubelbub · August 23, 2009

Yes, Sorry, i cant so good English.

Now i know, what you mean.

Now i know, why the Server cant create a Account by Login ^^

Before your Post, i dont understand, why i cant create a Account by Login ^^

Thanks.

Can *CLOSED*

Patman128 · August 25, 2009

Ah, so THAT'S what the s and v fields in the account table are for. Thanks, I didn't know how the login system worked before.

Sign In

SHA1 Crypt Variable?

Recommended Posts

Bubelbub

Patman128

Bubelbub

arrai

Bubelbub

davemm

Bubelbub

davemm

Bubelbub

Patman128

Recently Browsing 0 members

Contact Us

Repositories

Support

Wiki

Browse

Activity

My Activity Streams

Important Information