I have a complicated problem that's difficult to explain in this tiny box.

digitalEntity #1

36 posts

Location Drowned, in the Mountain of the Spirits

Posted 14 March 2014 - 01:20 AM

Ok, so I've recently been working on what I consider to be a very complex security system on my computercraft world, but there's one part I'm stuck on, and I'm having difficulty finding any useful information on the easy places (google).

I'm trying to create a client/server password system that allows the user of the client system to put in a password (that can include numbers and letters) and convert the password to a number (based on the "key" api), then run that number through a predetermined equation to change the number before sending the information to the server (so wiretappers are gonna have a bad time *insert south park meme here*).

I've already figured out how to alter the result number with an equation, but I don't even have any idea where to start with converting an alphanumerical string (the password, if you forgot lol) into a number.

Any helpful input would be appreciated. Thank you.

Sincerely,
digitalEntity

Lyqyd #2

Lyqyd's profile picture

8543 posts

Posted 14 March 2014 - 01:49 AM

Moved to Ask a Pro.

You're looking for hashing algorithms, most likely.

digitalEntity #3

36 posts

Location Drowned, in the Mountain of the Spirits

Posted 14 March 2014 - 02:11 AM

Lyqyd, on 14 March 2014 - 01:49 AM said:
Moved to Ask a Pro.

You're looking for hashing algorithms, most likely.

So, I have no idea what a hashing algorithm is. if created properly, I'm guessing it could turn specific letters and numbers into specific numbers?

Grim Reaper #4

504 posts

Location Seattle, WA

Posted 14 March 2014 - 02:48 AM

As Lyqyd said, hashing is probably the best thing you're going to find for this.

However, there is still one problem: "wire tappers" can still look at your source code and reverse the equation. If your solution is to make the key client-sided, then you'll still need to communicate the key with the server so it can decode the message properly. This means that anyone listening who knows how your equation works will be able to reverse it.

A way to solve the aforementioned problem is to have the key be some constant that is held in a file on the client's computer and the server. This way, the software can just grab the key from the file instead of having it built in, making it much more difficult for anyone listening to decode the message because they do not know the proper key.

digitalEntity #5

36 posts

Location Drowned, in the Mountain of the Spirits

Posted 14 March 2014 - 04:03 PM

Grim, I can see your point, but I think my system might outclass wiretapping. My system uses MFFS and ComputerCraft in unison, the entire connection between the client and server systems is a wired modem that feeds through the air on the inside of the bedrock box that the system is cased in. The wires themselves are also cased in a bedrock tube. The client computer can only be accessed via a wireless remote (from MFFS), unless you know of an easy way to destroy bedrock on survival mode lol.

The server cannot actually be used by other computers anyway, because the first thing the intertwined programs do is to verify the ID number of the client system, which also gets encoded

On the matter of having the server decode the message: I was actually PLANNING on the server accepting the encrypted password. For example: let's say my algorithm changed the string "potato" to the number 12. My client system would send the number 12 to the server, and the server would receive and process the number 12 as the password, not even aware that the original input was potato. Anyone that does somehow manage to wiretap, would see the number 12 as the password, and may attempt to access the client system and put in the number 12 as the password, which would then be changed by the client into a completely different number, such as 4. The server would receive the number 4, and would process it as the password. Since it did not match the password as the server knows it, the server would reject that password.

On the matter of maintaining a constant in a file outside of the server/client programs: I have no idea how to do this (but would like to learn, for future projects)

Also, if you wouldn't mind, last night I tested a code that, to me, seemed to be a rather simple test form, but is having a few bugs, and I can't manage to fix them.


x = 0
while true do
	 local event, scancode = os.pullEvent("key")
if scancode >=54 then
	 if scancode==15 or scancode==29 or scancode==12 or scancode==13 or scancode==26 or scancode==27 or scancode==43 or scancode==39 or scancode==40 or scancode==51 or scancode==52 or scancode==53 then
		  end
	 elseif scancode==28 then
		  break
	 else
		  x - (x*100)+scancode
end
end
print(x)

What the code is supposed to do: convert letters and numbers (but ignoring non-alphanumeric characters) directly to their keycodes, and, upon pressing enter, stop reading input, and print x (the number that's going to get changed by an equation)

What my skills in programming have failed to bring about: ignoring non-alphanumeric characters.

And again, any helpful input would be appreciated.

Csstform #6

Csstform's profile picture

621 posts

Location U.S.A.

Posted 14 March 2014 - 05:22 PM

You could throw in a for loop to catch any characters that aren't alphanumeric.

Also, if they intercept the hashed or whatever code, can they not just bypass the client and send that code into the server directly? Just a thought, please correct me if I'm wrong. Perhaps you could try and use some sort of a two-step verification where the server replies to the client, or the client sends the message to two or three servers, which all have to then sync with eachother.

digitalEntity #7

36 posts

Location Drowned, in the Mountain of the Spirits

Posted 14 March 2014 - 05:37 PM

Csstform, on 14 March 2014 - 05:22 PM said:
You could throw in a for loop to catch any characters that aren't alphanumeric.

You could say loops are not my forte lol… My skill with loops is extremely limited, because I haven't been able to find any guides that I could understand well, and/or that had a decent quantity of useful information lol. Do you think you could draft up an example code?

Also, on the topic of the wiretapping problems, I wasn't really asking about those anyway, just pointing out some of the defences my system has lol… this system is being designed to keep my 7th grader cousin and his school friends out of the admin room on my modded server lol.

Csstform #8

Csstform's profile picture

621 posts

Location U.S.A.

Posted 14 March 2014 - 05:55 PM

Sure!

http://pastebin.com/XYK5Zfvz

digitalEntity #9

36 posts

Location Drowned, in the Mountain of the Spirits

Posted 14 March 2014 - 06:05 PM

Ok, so I have that on my computer now, but i don't know how to implement it lol. Sorry if I'm a pain lol.

Csstform #10

Csstform's profile picture

621 posts

Location U.S.A.

Posted 14 March 2014 - 06:15 PM

What do you mean by that? Put the args={…} as the first line, and put the for loop where you want to remove the non alphanumeric characters. Copy the if statement inside the for loop for as many characters you want to get rid of, just replace the "-".

And no pain.

EDIT: Not gonna work. My bad. What I gave you is gonna cycle through whole words, not characters. Lemme think this through on how to sort through characters individually.

Edited on 14 March 2014 - 05:16 PM

digitalEntity #11

36 posts

Location Drowned, in the Mountain of the Spirits

Posted 14 March 2014 - 06:20 PM

Hold on, hold on, hold on. I figured it out. I'm editing this momentarily with the code I used.
Edit:


x = 0
while true do
		 local event, scancode = os.pullEvent("key")
if scancode <=54 then
		 if scancode==28 then
				  end
		 elseif  scancode==15 or scancode==29 or scancode==12 or scancode==13 or scancode==26 or scancode==27 or scancode==43 or scancode==39 or scancode==40 or scancode==51 or scancode==52 or scancode==53 then
		 else
				  x = (x*100)+scancode
end
end
end
print(x)

The changes were:

Whoops, I'm a moron, I wanted it to look for everything <=54 instead of >=54

and

Derpy derp I'm gonna completely, and accidentally remove any form of action after the long *** list of non-alphanumeric scancodes. DERP… still don't know how that worked lol

Edited on 14 March 2014 - 05:25 PM

Goof #12

Goof's profile picture

767 posts

Posted 14 March 2014 - 09:32 PM

digitalEntity, on 14 March 2014 - 06:20 PM said:
Hold on, hold on, hold on. I figured it out. I'm editing this momentarily with the code I used.
Edit:
x = 0
while true do
		 local event, scancode = os.pullEvent("key")
if scancode <=54 then
		 if scancode==28 then
				  end
		 elseif  scancode==15 or scancode==29 or scancode==12 or scancode==13 or scancode==26 or scancode==27 or scancode==43 or scancode==39 or scancode==40 or scancode==51 or scancode==52 or scancode==53 then
		 else
				  x = (x*100)+scancode
end
end
end
print(x)
The changes were:

Whoops, I'm a moron, I wanted it to look for everything <=54 instead of >=54

and

Derpy derp I'm gonna completely, and accidentally remove any form of action after the long *** list of non-alphanumeric scancodes. DERP… still don't know how that worked lol

Well In my opinion i would suggest you to make use of the string.byte function to convert the client-side password into a (hashed) byte number.

As I made / customized my own a bit you can take a look at almost the same code:

Spoiler


-- _G.string.hash is a function in my api.
-- to use:
-- local input = read("*")
-- local hashedpassword = string.hash(input, optional length of the hashed number)

_G.string.hash = function( String, optional_length ) -- Length is optional
  --[==[
    Modified hashing algorithm
  --]==]
  local Hash_Length = 64; -- The normal length of the hash
  Length = optional_length or Hash_Length;
  local Total = 0;
  local Iteration = 0;
  for v in String:gmatch( "." ) do -- Go through every letter/symbol/char in the string and add it to the Total
    Total = Total + (v:byte()^2); -- find the byte of the letter/symbol/char and multiply it with the same byte, then add it to the total
  end
  local NewTotal = Total;
  while Total >= 1 do
    Total = Total / 2;
  end
  Total = tostring( Total );
  while #Total ~= Length do
    Iteration = Iteration + 1;
    if #Total > Length then
      Total = Total:sub( 1, #Total - 1 );
    else
      Total = Total..tostring( Length * Iteration + NewTotal );
    end
  end
  Total = Total:gsub( "[.]", "" )..tostring( Length ):sub( 1, 1 ); -- Remove all Comma's/Dot's, and create the final result
  return Total; -- Return
end

Edited on 14 March 2014 - 08:33 PM

digitalEntity #13

36 posts

Location Drowned, in the Mountain of the Spirits

Posted 14 March 2014 - 10:10 PM

Mikk809h, on 14 March 2014 - 09:32 PM said:
-- _G.string.hash is a function in my api.

I'm going to guess I have to download said API in some way?

And also, I understood how most of the parts worked on their own, but I had a hard time figuring out how they all geared together, which is discomforting to me, as I'd prefer to understand how my tools work. All in all, I would agree that a system such as this would probably generate better results on the topic of security, but I would prefer to continue using the program I made (and understand) until I can better understand lua as a whole.

Thank you, however, for your effort and relatively simple hash algorithm (I say relatively because I tried to search for a simple lua hash algorithm, and the only good one I could find was multiple pages long, compared to your couple dozen lines lol) In the future, when I have more time to pore over coding examples of this intensity, I may in fact use your coding lol.

Goof #14

Goof's profile picture

767 posts

Posted 14 March 2014 - 10:22 PM

digitalEntity, on 14 March 2014 - 10:10 PM said:
Mikk809h, on 14 March 2014 - 09:32 PM said:
-- _G.string.hash is a function in my api.
I'm going to guess I have to download said API in some way?

And also, I understood how most of the parts worked on their own, but I had a hard time figuring out how they all geared together, which is discomforting to me, as I'd prefer to understand how my tools work. All in all, I would agree that a system such as this would probably generate better results on the topic of security, but I would prefer to continue using the program I made (and understand) until I can better understand lua as a whole.

Thank you, however, for your effort and relatively simple hash algorithm (I say relatively because I tried to search for a simple lua hash algorithm, and the only good one I could find was multiple pages long, compared to your couple dozen lines lol) In the future, when I have more time to pore over coding examples of this intensity, I may in fact use your coding lol.

Sure!

If you want further help, ask here, else you can just PM me, and i'll do what i can to help you :D/>

And a good tip:

You're learning better by doing what you're doing there.. ( taking code from others, can be helpfull, but you have to understand it, else you wont learn anything from that code i posted. )

You'll learn everything some nice and shiny day :D/>