2019-05-02, 03:23 PM
(2019-05-01, 03:52 PM)JustMichael Wrote: I think he means, that it is encrypted within O-MP before it is passed to the script. Therefore it forces server owners to use already encrypted passwords.
As much as I like this, it would mean that there would have to be a way to pass a salt as well as the password to the gamemode
and also allow some global way to set the pepper.
Well,?there's no salt problem if we use bcrypt, since it stores the digest and the salt in the same string.
(2019-05-01, 02:36 PM)hual Wrote: This could actually be enforced on the server as well.
Yes true, but only if the encryption is made client-side, which is actually a good idea.?
(2019-04-30, 02:27 PM)BloodMaster Wrote:(2019-04-30, 08:03 AM)Sasino97 Wrote: Yes, the server scripter could still access the plain text password by using plugins that intercept the data sent between the server and the client,
If the client already sends a hashed password, then there would be no way to access it.
Good idea, but if it's possible to re-create that icon in the corner, you could fake a secure password and make the players think that they're inputting a safe password.
In the optic of creating a totally customizable open.mp, yes that's true, but it would be no easy task to reproduce it perfectly.