Serial Hashing, How Secure? [message #372918]
Sat, 21 February 2009 19:50
a000clown
Messages: 363 Registered: May 2005 Location: Canada
Karma: 0
Commander
If I tell someone what my password is under a salted md5 hash, chances are pretty much nil they'll be able to get the original password using rainbow tables, so I'd like to know how secure the method is on our Renegade serials.
Reason I'm asking is I want to enable automatic moderator logins, but to keep things safe I will be restricting their nickname to their specific serial hash.
Since other servers can easily find their hash if they play there, I want to know if it's possible to generate that same exact hash value without knowing the original serial. In other words, is what I plan to do secure or not?

Re: Serial Hashing, How Secure? [message #372926 is a reply to message #372918]
Sat, 21 February 2009 22:09
raven
Messages: 595 Registered: January 2007 Location: Toronto, Ontario
Karma: 0
Colonel
It's fairly secure. From what I recall, the serial hash is generated by the original serial being hashed twice via md5.
I'd say it's pretty damn secure.
Edit: However, RoShamBo does bring up a good point. Someone could send a fake string containing the hash to the server, so you wouldn't need to reverse the hash because you could send it directly.
-Jelly Administrator
-Exodus Administrator
[Updated on: Sun, 22 February 2009 07:08]

Re: Serial Hashing, How Secure? [message #372938 is a reply to message #372926]
Sun, 22 February 2009 00:48
jnz
Messages: 3396 Registered: July 2006 Location: 30th century
Karma: 0
General (3 Stars)
raven wrote on Sun, 22 February 2009 05:09 | It's fairly secure. From what I recall, the serial hash is generated by the original serial being hashed twice via md5.
I'd say it's pretty damn secure.
|
No, it's not secure at all. It's extremely trivial to fake a serial.
EDIT: Although it would be fairly difficult to retrieve the original, I suppose.
[Updated on: Sun, 22 February 2009 00:49]

Re: Serial Hashing, How Secure? [message #373116 is a reply to message #372938]
Sun, 22 February 2009 23:07
a000clown
Messages: 363 Registered: May 2005 Location: Canada
Karma: 0
Commander
RoShamBo wrote on Sun, 22 February 2009 02:48 |
raven wrote on Sun, 22 February 2009 05:09 | It's fairly secure. From what I recall, the serial hash is generated by the original serial being hashed twice via md5.
I'd say it's pretty damn secure.
|
No, it's not secure at all. It's extremely trivial to fake a serial.
EDIT: Although it would be fairly difficult to retrieve the original, I suppose.
|
So you're saying if the hashed version of my serial was 1234 and someone knew this, it would be easy for them to tell the server 1234, but not easy for them to figure out the original. That right?

Re: Serial Hashing, How Secure? [message #373123 is a reply to message #372918]
Mon, 23 February 2009 00:34
reborn
Messages: 3231 Registered: September 2004 Location: uk - london
Karma: 0
General (3 Stars)
Yeah, I'm sure that's what he's saying. So if they played in other servers and that server owner decided to retrieve their serial hash, that person could potentially spoof it.
Pretty unlikely to happen I guess. I don't know many server owners that would care enough to do this, but I suppose it could happen.

Re: Serial Hashing, How Secure? [message #373146 is a reply to message #373123]
Mon, 23 February 2009 05:29
jnz
Messages: 3396 Registered: July 2006 Location: 30th century
Karma: 0
General (3 Stars)
reborn wrote on Mon, 23 February 2009 07:34 | Yeah, I'm sure that's what he's saying. So if they played in other servers and that server owner decided to retrieve their serial hash, that person could potentially spoof it.
Pretty unlikely to happen I guess. I don't know many server owners that would care enough to do this, but I suppose it could happen.
|
If a server owner decided to ban on someone's serial, that banned person could send a random serial to the server. WOL or not.
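
Added example (not written by any poster in this thread, and not the game's or any server tool's code): a Python model of the auto-login check discussed above, showing that the serial hash is itself the credential. It assumes the double-MD5 scheme raven recalls (the hex encoding between rounds is an assumption); the `ModServer` class, the nickname, the serial and the passphrase are hypothetical, and the extra password check is one possible hardening, not something proposed in the thread.

```python
import hashlib
import hmac
import os

def serial_hash(serial: str) -> str:
    # Assumed scheme from the thread: MD5 applied twice (hex encoding assumed).
    inner = hashlib.md5(serial.encode()).hexdigest()
    return hashlib.md5(inner.encode()).hexdigest()

def enroll(password: str):
    # Per-moderator random salt plus a slow password hash, stored server-side.
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class ModServer:  # hypothetical server-side moderator table
    def __init__(self):
        self.mods = {}  # nickname -> (serial hash, salt, password hash)

    def add_moderator(self, nick, shash, password):
        self.mods[nick] = (shash, *enroll(password))

    def login_hash_only(self, nick, presented_hash):
        # The planned auto-login: whoever presents the stored hash is accepted.
        rec = self.mods.get(nick)
        return rec is not None and hmac.compare_digest(rec[0], presented_hash)

    def login_hash_and_password(self, nick, presented_hash, password):
        # The serial hash only narrows who may try; the password is the secret,
        # and it is never sent to any other server.
        rec = self.mods.get(nick)
        if rec is None or not hmac.compare_digest(rec[0], presented_hash):
            return False
        _, salt, stored = rec
        attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        return hmac.compare_digest(stored, attempt)

def demo():
    serial = "0000-CONSTRUCTED-SERIAL"  # constructed sample, not a real serial
    home = ModServer()
    home.add_moderator("mod_nick", serial_hash(serial), "constructed-passphrase")
    # Any other server the moderator joins sees this same hash value.
    seen_elsewhere = serial_hash(serial)
    return {
        "hash_only_replay": home.login_hash_only("mod_nick", seen_elsewhere),
        "replay_without_password": home.login_hash_and_password(
            "mod_nick", seen_elsewhere, "guess"),
        "real_moderator": home.login_hash_and_password(
            "mod_nick", serial_hash(serial), "constructed-passphrase"),
    }

if __name__ == "__main__":
    print(demo())
```

The hash-only check accepts the replayed value because the server never sees anything but the hash, so hashing the serial protects the serial itself, not the login.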