Password Hashing

Pseudonym
Posts: 7
Joined: Thu Aug 01, 2013 4:46 pm

Password Hashing

Post by Pseudonym » Sat Aug 10, 2013 8:01 am

I am aware this may not be the right place at all to ask this, most definitely not the right index to post this.
If there was another forum index that this could have gone in, I'm deeply sorry about it.

But anyway, I was wondering what hashing algorithm the client uses to hash the passwords before storing them in the database. This may come off like "Hacker" since I'm asking about what hashing algorithm is used, but I've been building a website for a server and trying to hash the passwords in register.php correctly to match the server's passwords, but it's just been ending up badly. I thought it might have been sha1(sha1($pass));

Scoured the internet a bit; it's come close to telling me that it's a MySQL hash, as I believe, but if I may have found it on a page, I have poor attention so I may have gone past it.

whasf
Site Admin
Posts: 1312
Joined: Thu Jul 19, 2012 9:11 pm

Re: Password Hashing

Post by whasf » Sat Aug 10, 2013 11:08 am

The server uses the MySQL password() function.
-- Whasf

Pseudonym
Posts: 7
Joined: Thu Aug 01, 2013 4:46 pm

Re: Password Hashing

Post by Pseudonym » Sat Aug 10, 2013 12:17 pm

Can it be used in PHP?

Pseudonym
Posts: 7
Joined: Thu Aug 01, 2013 4:46 pm

Re: Password Hashing

Post by Pseudonym » Sat Aug 10, 2013 12:19 pm

Maybe equivalent to SHA1(UNHEX(SHA1())) perhaps? I'll try it out.

atom0s
Developer
Posts: 537
Joined: Thu Oct 25, 2012 9:52 am

Re: Password Hashing

Post by atom0s » Sat Aug 10, 2013 12:30 pm

DSP uses the following to create the login data/password:

    fmtQuery = "INSERT INTO accounts(id,login,password,timecreate,timelastmodify,status,priv)\
                VALUES(%d,'%s',PASSWORD('%s'),'%s',NULL,%d,%d);";

    if( Sql_Query(SqlHandle,fmtQuery,accid,login,password,
                  strtimecreate,ACCST_NORMAL,ACCPRIV_USER) == SQL_ERROR )
    {
        WBUFB(session[fd]->wdata,0) = LOGIN_ERROR_CREATE;
        WFIFOSET(fd,1);
        do_close_login(sd,fd);
        return -1;
    }

You should be able to use the same query from PHP and have the same results.
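
As an added example that is not part of the original thread or of DSP's code: MySQL 4.1 and later compute PASSWORD() as '*' followed by the uppercase hex of SHA1(UNHEX(SHA1(password))), so register.php can produce the same value in PHP and bind it as an ordinary parameter instead of placing the plaintext in the query text. The function names and the sample values are assumptions made for this illustration.

```php
<?php
// Added example, not DSP code. Assumes the 41-character hash format
// that MySQL 4.1 and later produce for PASSWORD().

/** Reproduce PASSWORD(): '*' + uppercase hex of SHA1(raw SHA1(password)). */
function mysql41_password(string $plain): string
{
    if ($plain === '') {
        return ''; // MySQL's PASSWORD('') yields an empty string
    }
    // sha1($plain, true) returns the raw 20-byte digest, i.e. UNHEX(SHA1(...))
    return '*' . strtoupper(sha1(sha1($plain, true)));
}

/** Check a login attempt against the value read from accounts.password. */
function verify_account_password(string $plain, string $stored): bool
{
    // Reject anything that is not a well-formed hash, including an empty
    // column, so a blank stored value can never match a blank password.
    if (!preg_match('/\A\*[0-9A-Fa-f]{40}\z/', $stored)) {
        return false;
    }
    // hash_equals() compares in constant time.
    return hash_equals(strtoupper($stored), mysql41_password($plain));
}

// Constructed sample: the value MySQL returns for PASSWORD('password').
$stored = '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19';

var_dump(mysql41_password('password') === $stored);      // PHP side vs. server side
var_dump(verify_account_password('password', $stored));  // correct password
var_dump(verify_account_password('Password', $stored));  // wrong password
var_dump(verify_account_password('', ''));               // empty column

// Hypothetical register.php usage: bind the computed value as a normal
// parameter, so the plaintext never appears in the SQL text.
//   $stmt = $pdo->prepare('INSERT INTO accounts (login, password) VALUES (?, ?)');
//   $stmt->execute([$login, mysql41_password($pass)]);
```

PASSWORD() is unsalted and was removed in MySQL 8.0; computing the value in PHP keeps existing hashes verifiable on a server that no longer has the function.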

Pseudonym
Posts: 7
Joined: Thu Aug 01, 2013 4:46 pm

Re: Password Hashing

Post by Pseudonym » Sat Aug 10, 2013 12:38 pm

Thank you guys, I'll do it now. It took me a while when setting up a page for creating accounts (if possible, soon characters). I noticed auto increment was off so I couldn't type in DEFAULT for id, so I changed it to Auto Increment so even the webpage could create accounts. I'm wondering if it can cause any problems having it set to auto increment?

Never was a big fan of functions so I never did a few of the typical ones.

Edit: The id situation was done last night, so both web and client are creating accounts. As said above, I was wondering if you wouldn't mind posting opinions on the security and functionality of setting it to auto increment.

atom0s
Developer
Posts: 537
Joined: Thu Oct 25, 2012 9:52 am

Re: Password Hashing

Post by atom0s » Sat Aug 10, 2013 6:07 pm

You can pull the max current id from the database using:
SELECT max(accounts.id) FROM accounts;

Then just add 1 to the result for the next creation that you insert into the database.
