Main Menu
Main Page
Forums
Recent changes
Random page
Help

Databases
GlitchDex
AttackDex
ItemDex

Major Glitches
Trainer escape glitch
Old man trick
Celebi trick
Select glitches (Japan)
SRAM glitch
CoolTrainer♀ corruption
LOL glitch
Rival LOL glitch
Super Glitch
ZZAZZ glitch
Pomeg corruption glitch (Glitzer Popping)
Tweaking
Elite Four door glitch (Japan)
Pokémon merge glitch
Pokémon cloning
Time Capsule exploit
Arbitrary code execution
Coin Case glitch
More

Other Glitch Categories
Glitches by generation
Glitches between two generations
Japan-only/language specific glitches
Music glitches
Natural glitches
Non-core series glitches
Non-Pokémon glitches
Officially acknowledged glitches
Recurring glitches
Dead glitches

References
Pokémon GameShark codes
The Big HEX List
GB programming
Curiosities
Debugging features
Easter eggs
Error traps
Glitch areas
Glitch myths
Non-glitch exploits
Placeholder texts
Pokémon glitch terminology
Unused content and prerelease information

Useful Tools
8F Helper
GBz80 to Items
Old man trick name generator
PATH (Prama's Advanced Tweaking Heaven)
Save file editors
Special stat/Pokémon converter
Trainer escape Trainer Pokémon finder

Affiliates
Legendary Star Blob 2 (Hakuda)
Pokémon Speedruns wiki
PRAMA Initiative
Become an affiliate!

Search Wiki

 

Search Forums

 

Author Topic: Password authentication  (Read 1388 times)

0 Members and 1 Guest are viewing this topic.

IIMarckus

  • Administrator
  • *****
  • Offline Offline
  • Gender: Male
  • Impersonal Text
    • View Profile
    • iimarck.us
Password authentication
« on: December 06, 2007, 04:15:34 pm »
Hey guys,

I found a good web host recently, and have been working on a webpage. As an exercise, I'm building a user-based system from the ground up. What should I do for passwords? Obviously it wouldn't be a good idea to store the passwords in plain text in the database... I'm thinking of one-way-encrypting passwords as they come in, and comparing the encrypted versions. Is this a good or feasible idea? If so, what sort of encryption algorithm would be useful?

Photon-Phoenix

  • Gotta pop dem windows.
  • Administrator
  • *****
  • Offline Offline
  • Gender: Male
    • View Profile
Re: Password authentication
« Reply #1 on: December 16, 2007, 05:36:26 pm »
Use a double encription matrix.  Take a pass like CARS and make it a matrix [3 1 18 19] (alphanumeraic) multiply it by an (ex.)[15 32 66 58] then multiply that by [16 88 55 14] to encript it.  To decript it (login) multilply the password by the inverse of the second then that product by the inverse of the first and you should be left with [3 1 18 19] and that should read as CARS or something. This'll only work if you know matricies and if double encription even works. I've only done single encription in math class (Algebra 2). :\

IIMarckus

  • Administrator
  • *****
  • Offline Offline
  • Gender: Male
  • Impersonal Text
    • View Profile
    • iimarck.us
Re: Password authentication
« Reply #2 on: December 16, 2007, 06:14:39 pm »
Well, the thing about that is security. If someone gained FTP access to my page, they could view the page source code to find the encryption, then decrypt every password in the database. For passwords, I wanted something that can't be decrypted, even if someone managed to get administrator access.

What I eventually decided on was a SHA-256 hash, by the way. All passwords are encrypted with this before being stored in the database, meaning that there is literally no way to decode them even if you can view it.