This is a read-only snapshot of the ComputerCraft forums,
taken in April 2020.
Using a Hash with Passwords
Started by CastleMan2000, 01 February 2013 - 03:19 AMPosted 01 February 2013 - 04:19 AM
Using a hash function such as sha256, how would I use it correctly to secure my password? I have a password program, but the password is stored in plaintext and I would like to use a hash of it instead. Would I hash my password, use the resulting hash as the password variable, and hash the inputted password to see if it matches?
Posted 01 February 2013 - 04:27 AM
When the password is set, hash it and store the hashed value instead of the plaintext. When the password is entered, hash it and compare the hash result against the stored hash value.
Posted 01 February 2013 - 09:51 AM
how do you hash a value/string?
Posted 01 February 2013 - 09:52 AM
Using a hash function like SHA-1 or SHA-256
Use the search feature on the forum, you'll find one :)/>
Use the search feature on the forum, you'll find one :)/>
Posted 01 February 2013 - 01:59 PM
Find an SHA-256 hash here.
To do this, as soon as you've read the password, hash it. Then deal with it like a normal password - save it to a file, load another from a file, compare it. It's just the same thing, but the password is different to what the user has typed. When you create an account, as soon as you've read the password, hash it, then store it or whatever. Deal with it exactly like a normal password.
To do this, as soon as you've read the password, hash it. Then deal with it like a normal password - save it to a file, load another from a file, compare it. It's just the same thing, but the password is different to what the user has typed. When you create an account, as soon as you've read the password, hash it, then store it or whatever. Deal with it exactly like a normal password.
Posted 01 February 2013 - 03:20 PM
hashing is used so if someone gains access to a server they can steal all the passwords but have to brute force them before they are usable
the same applies for CC, if someone terminates it and steals your passsword file.
SHA and md5 are waay overkill for cc imo
(1337th post)
the same applies for CC, if someone terminates it and steals your passsword file.
SHA and md5 are waay overkill for cc imo
(1337th post)
Posted 01 February 2013 - 04:44 PM
thx for the link and i'm using it for my own small system of programs bundled up into a computer. can the code (from a program) still be executed when it's hashed or do i have to undo the hash 1st?
Posted 01 February 2013 - 08:53 PM
You can't hash a program, hashing cannot be undone other than by time-consuming guesswork.
Posted 02 February 2013 - 08:23 AM
that kind of sucks. i guess i'll use encryption instead.
Posted 11 February 2013 - 04:14 AM
The problem is that you have to decrypt the code in order to run it. So you have to give the user the means to decrypt your code. You can "obfuscate" it by mangling the variable names and removing white space but that can be solved - the Minecraft code is heavily obfuscated in order to prevent cheating, yet modders have cracked it and made mods. Therefore ComputerCraft only exists because what you want is impossible. So no it doesn't suck!that kind of sucks. i guess i'll use encryption instead.
Posted 11 February 2013 - 06:30 AM
It sounds like you've got it exactly right. For extra security, you could also use a salt. In cryptography, a salt is an extra piece of information hashed into the password but also stored alongside it – unhashed. This has several advantages, but the only one that would be very useful inside Minecraft is making rainbow tables useless. A rainbow table is a huge list of precomputed hashes that can make it trivial to determine the hash's input.Using a hash function such as sha256, how would I use it correctly to secure my password? I have a password program, but the password is stored in plaintext and I would like to use a hash of it instead. Would I hash my password, use the resulting hash as the password variable, and hash the inputted password to see if it matches?
Say, for example, that your password is "cheese". SHA256("cheese") = 873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34. Now, suppose someone manages to get access to your hashed password. Even though it's practically impossible to go from the hash back to the word "cheese" computationally, if you do a Google search for the hash you'll find several sites telling you that SHA256("cheese") will get you same hash (because "cheese" is a common word and several people have precomputed hashes for it.)
If you added a salt to the previous example – let's say your salt is a random number generated right before hashing (42 in this example) – you would end up hashing salt + password and storing salt + hash. SHA256("42,cheese") = 3ad58e630e3e7b33985c3f08e5d07347b52c28d29a658b0bef576c8e8baab18a, so in your code/password database you would store 42,3ad58e630e3e7b33985c3f08e5d07347b52c28d29a658b0bef576c8e8baab18a. When validating the password, you would split apart the salt (42) and hash (3ad58…), compute SHA256("42,[password to check]") and see whether it matches the hash (3ad58…).
Posted 11 February 2013 - 06:41 AM
–snip–
SHA and md5 are waay overkill for cc imo
–snip–
sha-1 only takes about 3-4 hours to crack
ive cracked people's passwords for them when they forgot using bruteforce, and it really doesnt take that long
md5 takes less time than that