🎉 Celebrating 25 Years of GameDev.net! 🎉

Not many can claim 25 years on the Internet! Join us in celebrating this milestone. Learn more about our history, and thank you for being a part of our community!

Back to Networking and Multiplayer

Login System

Acar · 2015-07-20T16:32:17

So i'm trying to follow these steps: 1. Client sends username to server. 2. Server sends a random number to client. 3. Client encrpyts the random number with password hash as key. 4. Server encrypts the random number with correct password hash from database and checks if the two of them match. So as far as i understood i have to store both hash and salt in database in order to check if they match. But how will client know which salt to use ? Wouldn't hash be different if a different salt is used ? Do i have to send salt via socket then create hash ?

Networking and Multiplayer Programming

Started by Acar July 18, 2015 04:16 PM

11 comments, last by hplus0603 8 years, 11 months ago

ankhd

2,304

July 20, 2015 01:41 AM

The only one I can find so far is bcrypt at GitHub C files

Maybe for Key passing to clients you could email them the key. That may open another can of worms. As for scrypt are you all sure it exist, can't find it any where.

Can I take the red pill now, Opening the lid on internet security, talk about pandora's box.

This here is a must read long. A link to more things to read.

Acar

1,159

Author

July 20, 2015 08:53 AM

Thanks for the links. I found a library called "Botan" which seems to have bunch of useful crypto/algorithm. Its' bcrypt_generate function doesn't let you create/store your own salt since it's doing it somewhere in function but it has bcrypt_check function which gets the job done. Another useful information i came across was to use a public key exchange algorithm on top of tls for decent amount of security.

hplus0603

11,920

July 20, 2015 04:32 PM

a public key exchange algorithm on top of tls for decent amount of security

Unfortunately, unless you use full end-to-end certificate validation, public key exchange doesn't add any security.

The reason is that man-in-the-middle can insert himself between client and server, and send one PKX to the client, and run another to the server, and have the decrypted data in the middle.

Use TLS, if you can. The worry more about endpoint security than potential snoopers in the middle.

enum Bool { True, False, FileNotFound };

🎉 Celebrating 25 Years of GameDev.net! 🎉

Login System

This topic is closed to new replies.

Popular Topics

Recommended Tutorials

🎉 Celebrating 25 Years of GameDev.net! 🎉

Login System

This topic is closed to new replies.

Popular Topics

Recommended Tutorials

Reticulating splines