I'd like to see more hashing support. SHA1 and SHA256 to be more specific.
SHA1 because SMF forums currently use SHA1 and I'm now linking future projects to work with the SMF database.
SHA256 because from what I understand SHA1 was broken and SHA256 is more secure.
I am curious as to why we only have MD5() support natively at the moment.
ID:1601920
Jun 16 2014, 2:37 pm
|
|||||||
| |||||||
Jun 16 2014, 2:44 pm
|
|
+1
|
Dupe
Though you'll fine I think implementing SHA-1 is a waste considering it's been vulnerable for almost a decade now. |
In response to Airjoe
|
|
Airjoe wrote:
Though you'll fine I think implementing SHA-1 is a waste considering it's been vulnerable for almost a decade now. SMF still uses it, so I'd really like to push for that one still. It's actually one of the main reasons I made a post. I know of a lib that comes with a DLL/SO for SHA256. The problem is SMF still uses SHA1 and I can't find anything for it. I suck at C/C++ as well and it never turns out well for me. I was going to try and compile something for SHA1 however I always end up with linker issues. x.x I mainly work in C#, C++ is too over my head. Would it really be that bad of an idea to implement most of the ones that are/were used the most? I mean, we only have MD5() natively, might as well add SHA1 as well as SHA256. EDIT: It seems in the dupe post that SHA1 was also wanted by other community members as well for similar reasons. I'd like to ask that it be considered regardless of being broken-- It is still used. |
Depending on what your setup is, you could use shell() to get out of DM and call some arbitrary program you've written to handle the hashing stuff. It's a workaround, and it's operating system specific, but it's a way of doing this without too much hassle. An external library would be OS-specific too, so there's that at least.
Depending on how you're getting that SHA1 hash out, you could conceivably do it in DM too, by treating the SHA1 hash as a list of numbers, one for each byte. |
In response to Jp
|
|
Jp wrote:
Depending on what your setup is, you could use shell() It's a great idea (http://www.byond.com/forum/?post=1600974) shell() is pretty bad, It returns a 0 and not the stdout which sucks when trying to do this kind if thing. Especially since it creates unnecessary disk reads and writes just to print out a lousy command like ls. |
I would like this as well.
In the mean time, until this is implemented, you can use A.T.H.K's method or mine. I believe A.T.H.K's is more efficient but mine will work regardless, as long as you have an internet connection. This is just a workaround until a built-in method is made, which should be the most efficient way. Anywho: Just a sample code: var/list/sha256_hash_cache=list() PHP SCRIPT: <?php |
Nice work!
But both workarounds are excessive. One expects you to be using Linux and the other expects you to have a webserver with PHP installed.. A DLL or native hashing system would be much easier and better. |
Agreed, I shall leave that page of mine up and if you need additional hashing methods, I will upload those as well.
The DLL calling method is much more preferable as A.T.H.K has stated. |
In response to A.T.H.K
|
|
A.T.H.K wrote:
A DLL or native hashing system would be much easier and better. For sure.^ Also, thanks Ssj4justdale. I came up with a similar solution except I never added hash cache functions. |
Keep in mind that for all of these methods, your users' passwords will be traveling in plaintext across the internet to the host's machine (and then on to a web server for a PHP-based hashing solution).
It might be worth adding a warning, so they don't reuse their BYOND key password or other important password as their game/forum account password. You could do the hashing client-side in JavaScript, and just send the hash to the host. |
Awesome. I really hope this gets implemented.
I'm unsure of BYOND's MySQL features so I won't say for sure, but can you use MySql's SHA2() function? |
Ssj4justdale wrote:
Awesome. I really hope this gets implemented. MySQL depends on a library, dantom.db I had a quick look, doesn't seem to be any hashing functions in the lib, then again using this requires you to have a server with MySQL installed.. DarkCampainger wrote: You could do the hashing client-side in JavaScript, and just send the hash to the host. I was trying to push this to be native, anyway there is this JS Library for SHA1, http://www.webtoolkit.info/javascript-sha1.html#.U6JmePmLEnE |
Does the /database datum use dantom.db library? I truly don't know.
The /database is built-in to BYOND |
In response to Ssj4justdale
|
|
Ssj4justdale wrote:
Does the /database datum use dantom.db library? I truly don't know. That's SQLite. |
In response to DarkCampainger
|
|
DarkCampainger wrote:
Keep in mind that for all of these methods, your users' passwords will be traveling in plaintext across the internet to the host's machine (and then on to a web server for a PHP-based hashing solution). I spent like 2-3 hours working on a javascript soluton just because of this-- I was under the influence and it failed. I'll probably try again when sober. Rofl. |
In response to Ssj4justdale
|
|
Ssj4justdale wrote:
http://www.byond.com/developer/Murrawhip/Crypto Murrawhip is a friend of mine- I couldn't get the linker working. I was going to change up what he released on github to support more than SHA256. The linker always gives me issues with VS. -_- |
You would need to use VS06(from my understanding) for it to work. It's what I used for my cryptoBYOND library which supports all sha's (sha1, sha224, sha256, sha384, sha512)
It's a simple tactic of adding additional hashing functions since the labor is already done, all you need to do is construct it. |