Moriarty Posted September 18, 2015 Group: Members Topic Count: 27 Topics Per Day: 0.01 Content Count: 135 Reputation: 13 Joined: 06/20/12 Last Seen: April 14, 2018 Share Posted September 18, 2015 Isn't it past time to implement a new encryption type like SHA-256? MD5 is easily breakable, so there is really no reason someone would bother save encrypted passwords, and that's just a loss.. to players, as newbies admins frequently get hacked Link to comment Share on other sites More sharing options...
Strow Posted September 18, 2015 Group: Members Topic Count: 5 Topics Per Day: 0.00 Content Count: 15 Reputation: 4 Joined: 12/04/13 Last Seen: April 11 Share Posted September 18, 2015 It would be interesting to use bycrypt in order to generate an encryption from php pages with greater security. Link to comment Share on other sites More sharing options...
Cydh Posted September 18, 2015 Group: Developer Topic Count: 153 Topics Per Day: 0.04 Content Count: 2285 Reputation: 745 Joined: 06/16/12 Last Seen: June 30, 2023 Share Posted September 18, 2015 I was suggesting to support SHA in source, not for replacing the MD5, but as option. Link to comment Share on other sites More sharing options...
samurai.rukasu Posted September 20, 2015 Group: Members Topic Count: 3 Topics Per Day: 0.00 Content Count: 71 Reputation: 3 Joined: 12/31/11 Last Seen: January 17 Share Posted September 20, 2015 U will not be hacked if u learn to protect your web sites against sql inyection, too many webs and Ragnarok CP are bulnerables to that U_U Link to comment Share on other sites More sharing options...
Moriarty Posted September 20, 2015 Group: Members Topic Count: 27 Topics Per Day: 0.01 Content Count: 135 Reputation: 13 Joined: 06/20/12 Last Seen: April 14, 2018 Author Share Posted September 20, 2015 U will not be hacked if u learn to protect your web sites against sql inyection, too many webs and Ragnarok CP are bulnerables to that U_U Yeah, because no major company ever got hacked. And the last part of your sentence is exactly why there should be better encryption, AND IT SHOULD BE ENABLED BY DEFAULT. Link to comment Share on other sites More sharing options...
samurai.rukasu Posted September 22, 2015 Group: Members Topic Count: 3 Topics Per Day: 0.00 Content Count: 71 Reputation: 3 Joined: 12/31/11 Last Seen: January 17 Share Posted September 22, 2015 U will not be hacked if u learn to protect your web sites against sql inyection, too many webs and Ragnarok CP are bulnerables to that U_U Yeah, because no major company ever got hacked. And the last part of your sentence is exactly why there should be better encryption, AND IT SHOULD BE ENABLED BY DEFAULT. No need to, only learn how to protect your web pages and CP with anti sql injection, xss, etc embedded inside the code. That's the difference between a good programmer and a novice. Link to comment Share on other sites More sharing options...
Moriarty Posted September 23, 2015 Group: Members Topic Count: 27 Topics Per Day: 0.01 Content Count: 135 Reputation: 13 Joined: 06/20/12 Last Seen: April 14, 2018 Author Share Posted September 23, 2015 Oh.. you are so right, I will bend in my bed a little to reflect why password encryption was ever created. Link to comment Share on other sites More sharing options...
Realusion Posted September 25, 2015 Group: Members Topic Count: 1 Topics Per Day: 0.00 Content Count: 57 Reputation: 15 Joined: 12/25/11 Last Seen: October 1, 2016 Share Posted September 25, 2015 (edited) I know for certain, that you cannot be certain about being perfectly safe. That being said, MD5 should not be an option - it should be replaced entirely. I recommend bcrypt or scrypt, with bcrypt being the better fit currently as it is tested and understood a lot better. Interestingly, I was messing around with this matter a while ago - however, I'm currently on hold due to plenty of work and university coming up again. Edited September 25, 2015 by Realusion Link to comment Share on other sites More sharing options...
H4Mm3r Posted September 26, 2015 Group: Members Topic Count: 8 Topics Per Day: 0.00 Content Count: 24 Reputation: 1 Joined: 09/22/15 Last Seen: November 8, 2015 Share Posted September 26, 2015 (edited) Better password encryption should be included, I agree +10000000 with that. Edited September 26, 2015 by H4Mm3r Link to comment Share on other sites More sharing options...
Aleos Posted March 7, 2016 Group: Development Manager Topic Count: 56 Topics Per Day: 0.01 Content Count: 732 Reputation: 525 Joined: 12/13/11 Last Seen: August 14, 2023 Share Posted March 7, 2016 Since the client only supports clear text and MD5, this isn't possible. Link to comment Share on other sites More sharing options...
Recommended Posts