Moriarty Posted September 18, 2015 Posted September 18, 2015 Isn't it past time to implement a new encryption type like SHA-256? MD5 is easily breakable, so there is really no reason someone would bother save encrypted passwords, and that's just a loss.. to players, as newbies admins frequently get hacked
Strow Posted September 18, 2015 Posted September 18, 2015 It would be interesting to use bycrypt in order to generate an encryption from php pages with greater security.
Cydh Posted September 18, 2015 Posted September 18, 2015 I was suggesting to support SHA in source, not for replacing the MD5, but as option.
samurai.rukasu Posted September 20, 2015 Posted September 20, 2015 U will not be hacked if u learn to protect your web sites against sql inyection, too many webs and Ragnarok CP are bulnerables to that U_U
Moriarty Posted September 20, 2015 Author Posted September 20, 2015 U will not be hacked if u learn to protect your web sites against sql inyection, too many webs and Ragnarok CP are bulnerables to that U_U Yeah, because no major company ever got hacked. And the last part of your sentence is exactly why there should be better encryption, AND IT SHOULD BE ENABLED BY DEFAULT.
samurai.rukasu Posted September 22, 2015 Posted September 22, 2015 U will not be hacked if u learn to protect your web sites against sql inyection, too many webs and Ragnarok CP are bulnerables to that U_U Yeah, because no major company ever got hacked. And the last part of your sentence is exactly why there should be better encryption, AND IT SHOULD BE ENABLED BY DEFAULT. No need to, only learn how to protect your web pages and CP with anti sql injection, xss, etc embedded inside the code. That's the difference between a good programmer and a novice.
Moriarty Posted September 23, 2015 Author Posted September 23, 2015 Oh.. you are so right, I will bend in my bed a little to reflect why password encryption was ever created.
Realusion Posted September 25, 2015 Posted September 25, 2015 (edited) I know for certain, that you cannot be certain about being perfectly safe. That being said, MD5 should not be an option - it should be replaced entirely. I recommend bcrypt or scrypt, with bcrypt being the better fit currently as it is tested and understood a lot better. Interestingly, I was messing around with this matter a while ago - however, I'm currently on hold due to plenty of work and university coming up again. Edited September 25, 2015 by Realusion
H4Mm3r Posted September 26, 2015 Posted September 26, 2015 (edited) Better password encryption should be included, I agree +10000000 with that. Edited September 26, 2015 by H4Mm3r
Aleos Posted March 7, 2016 Posted March 7, 2016 Since the client only supports clear text and MD5, this isn't possible.
Recommended Posts