Account information encryption.

[Phatkone]

Hey guys,

I notice with the game that all the passwords are stored in plain text.
Has anyone come across a way to have the game use md5 hashing when referencing the passwords?
I would like to provide my users a bit of extra security, when creating the account and changing passwords etc via the web page its easy to md5 hash the passwords but I am not that bright when it comes to the program development.

Would love some insight from our more experienced engineers

 

[SheenBR]

I already tried this, but the complete hash wont fit into the login packet, so it would need to be redimensioned.
You can try searching the forums for my thread about this.

 

[Phatkone]

Yea i had a feeling it would be a reinvent the wheel kind of thing, a bit dodgy that Yedang didnt implement this originally.

 

[SheenBR]

Just found the thread. Link: http://forum.ragezone.com/f740/enhance-password-security-848186/ (Please dont bump it ^_^)

 

[SunnyZ]

For the love of GOD don't use MD5...

Here's why

 

[SheenBR]

Seems like another channel for my subscription list. This one is new to me, finally! lol im joking. Nice observation though.

 

[Phatkone]

I run SSL on my website, i was just wanting something simple to stop it being plain text, ideally i would go something like SHA256 but seems it may be too hard

 

[Digamma]

If you're working on a compiled game, it's going to be a bit harder to do this because the allocated space for user's password is 32 bytes.
If you're using the source code, then you have all you need in your hands. You can concatenate the username and password and make a hash of it and store it in database as the final result of the password. I think it's not appropriate even send the password decrypted to the server. It must be encrypted in client side.