Renegade Public Forums
C&C: Renegade --> Dying since 2003™, resurrected in 2024!
Home » Renegade Discussions » Mod Forum » Serial Hashing, How Secure?
Serial Hashing, How Secure? [message #372918] Sat, 21 February 2009 19:50 Go to next message
a000clown
Messages: 363
Registered: May 2005
Location: Canada
Karma: 0
Commander
If I tell someone what my password is under a salted md5 hash chances are pretty much nil they'll be able to get the original password using rainbow tables, so I'd like to know how secure the method is on our Renegade serials.

Reason I'm asking is I want to enable automatic moderator logins, but to keep things safe I will be restricting their nickname to their specific serial hash.
Since other servers can easily find their hash if they play there, I want to know if it's possible to generate that same exact hash value without knowing the original serial. In other words, is what I plan to do secure or not?
Re: Serial Hashing, How Secure? [message #372926 is a reply to message #372918] Sat, 21 February 2009 22:09 Go to previous messageGo to next message
raven
Messages: 595
Registered: January 2007
Location: Toronto, Ontario
Karma: 0
Colonel
It's fairly secure. From what I recall, the serial hash is generated by the original serial being hashed twice via md5.

I'd say its pretty damn secure.

Edit: However.. RoShamBo does bring up a good point. Someone could send a fake string containing the hash to the server.. so you wouldn't need to reverse the hash cos you could send it directly


-Jelly Administrator
-Exodus Administrator

[Updated on: Sun, 22 February 2009 07:08]

Report message to a moderator

Re: Serial Hashing, How Secure? [message #372938 is a reply to message #372926] Sun, 22 February 2009 00:48 Go to previous messageGo to next message
jnz is currently offline  jnz
Messages: 3396
Registered: July 2006
Location: 30th century
Karma: 0
General (3 Stars)
raven wrote on Sun, 22 February 2009 05:09

It's fairly secure. From what I recall, the serial hash is generated by the original serial being hashed twice via md5.

I'd say its pretty damn secure.


No, it's not secure at all. It's extremely trivial to fake a serial.

EDIT: Although it would be fairly difficult to retrieve the original, I suppose.

[Updated on: Sun, 22 February 2009 00:49]

Report message to a moderator

Re: Serial Hashing, How Secure? [message #372943 is a reply to message #372918] Sun, 22 February 2009 01:26 Go to previous messageGo to next message
raven
Messages: 595
Registered: January 2007
Location: Toronto, Ontario
Karma: 0
Colonel
Aye, that's what I was talking about.. reversing the hash to get the actual serial.

-Jelly Administrator
-Exodus Administrator
Re: Serial Hashing, How Secure? [message #373116 is a reply to message #372938] Sun, 22 February 2009 23:07 Go to previous messageGo to next message
a000clown
Messages: 363
Registered: May 2005
Location: Canada
Karma: 0
Commander
RoShamBo wrote on Sun, 22 February 2009 02:48

raven wrote on Sun, 22 February 2009 05:09

It's fairly secure. From what I recall, the serial hash is generated by the original serial being hashed twice via md5.

I'd say its pretty damn secure.


No, it's not secure at all. It's extremely trivial to fake a serial.

EDIT: Although it would be fairly difficult to retrieve the original, I suppose.

So you're saying if the hashed version of my serial was 1234 and someone knew this, it would be easy for them to tell the server 1234, but not easy for them to figure out the original. That right?
Re: Serial Hashing, How Secure? [message #373123 is a reply to message #372918] Mon, 23 February 2009 00:34 Go to previous messageGo to next message
reborn is currently offline  reborn
Messages: 3231
Registered: September 2004
Location: uk - london
Karma: 0
General (3 Stars)
Yeah, I'm sure that's what he's saying. So if they played in other servers and that server owner decided to retrieve there serial hash, that person could potentially spoof it.
Pretty unlikely to happen I guess. I don't know many server owners that would care enough to do this, but I suppose it could happen.



Re: Serial Hashing, How Secure? [message #373146 is a reply to message #373123] Mon, 23 February 2009 05:29 Go to previous message
jnz is currently offline  jnz
Messages: 3396
Registered: July 2006
Location: 30th century
Karma: 0
General (3 Stars)
reborn wrote on Mon, 23 February 2009 07:34

Yeah, I'm sure that's what he's saying. So if they played in other servers and that server owner decided to retrieve there serial hash, that person could potentially spoof it.
Pretty unlikely to happen I guess. I don't know many server owners that would care enough to do this, but I suppose it could happen.


If a server owner decided to ban on some one's serial, that banned person could send a random serial to the server. Wol or not.
Previous Topic: New Nod Tiberium Refinery Interior
Next Topic: how do i, teleports
Goto Forum:
  


Current Time: Sun Dec 22 09:16:52 MST 2024

Total time taken to generate the page: 0.00727 seconds