16 posts
Posted 15 July 2014 - 10:14 AM
I wanted to take my password door to the next level with encrypted files so that people can't hack the password.
This is a read-only snapshot of the ComputerCraft forums,
taken in April 2020.
Encryption/Decryption?
Started by CCNerd a.k.a CCNoob, 15 July 2014 - 08:14 AM
3057 posts
United States of America
Posted 15 July 2014 - 04:36 PM
I recommend using hashing, specifically gravityscore's sha256 (it's on the forums somewhere). Encryption isn't suited to storing passwords.
short example of sha256:
short example of sha256:
local file = fs.open( "password", "r" ) --#open pass file
local hashpass = file.readAll() --#read it
file.close() --#close it
local password = read("*") --#get user input
if sha256( password ) == hashpass then
--#congrats
else
--#oops
end
7083 posts
Tasmania (AU)
Posted 15 July 2014 - 04:37 PM
Encryption isn't really suitable for this sort of thing. You'd generally use a hash.
The idea is that when you go to code in the correct password, you instead hash it and put that hash value into your script. When the user is prompted to type the password later, you hash their input and see if it matches the hash you made earlier. If they match, then hey presto! You let them in. If they manage to get access to the files stored on the computer, then they still don't see your password - they only see the hash you made from it.
Though if you have to worry about users sniffing your data, then you're already doing things wrong. Have a think about how users might go about breaking your system - odds are the solution isn't a coding one.
The idea is that when you go to code in the correct password, you instead hash it and put that hash value into your script. When the user is prompted to type the password later, you hash their input and see if it matches the hash you made earlier. If they match, then hey presto! You let them in. If they manage to get access to the files stored on the computer, then they still don't see your password - they only see the hash you made from it.
Though if you have to worry about users sniffing your data, then you're already doing things wrong. Have a think about how users might go about breaking your system - odds are the solution isn't a coding one.
16 posts
Posted 16 July 2014 - 07:11 AM
Anyways, What if I want a string of data encrypted with a userdefined key?
Like encrypting the transmission of rednet signals.
Like encrypting the transmission of rednet signals.
756 posts
Posted 16 July 2014 - 10:25 PM
For password storage, you'll want hashing
I made a script in which you give it your password and it will create a password prompt script with your salted password hash.
For secure communication over rednet, you might want to take a look at KillaVanilla's Secure Tunnels, which uses Diffie-Hellman key exchange and AES-128
I made a script in which you give it your password and it will create a password prompt script with your salted password hash.
For secure communication over rednet, you might want to take a look at KillaVanilla's Secure Tunnels, which uses Diffie-Hellman key exchange and AES-128
Edited on 16 July 2014 - 08:25 PM