Main Menu
Main Page
Forums
New pages
Recent changes
Random page
Help

Glitches
Arbitrary code execution
Pokémon cloning
Pomeg glitch
Tweaking
Glitches by generation
Glitch categories

References/Resources
Databases
Disassembly projects
The Big HEX List
Pokémon cheat codes
Pokémon glitch terminology
Useful tools
More

Affiliates
Legendary Star Blob 2 (Hakuda)
Pokémon Speedruns wiki
PRAMA Initiative
Become an affiliate!

Technical
Site source code

Search Wiki

 

Search Forums

 

Author Topic: Password authentication  (Read 1848 times)

0 Members and 1 Guest are viewing this topic.

IIMarckus

  • Administrator
  • *****
  • Offline Offline
  • Gender: Male
  • Impersonal Text
    • View Profile
    • iimarck.us
Password authentication
« on: December 06, 2007, 04:15:34 pm »
Hey guys,

I found a good web host recently, and have been working on a webpage. As an exercise, I'm building a user-based system from the ground up. What should I do for passwords? Obviously it wouldn't be a good idea to store the passwords in plain text in the database... I'm thinking of one-way-encrypting passwords as they come in, and comparing the encrypted versions. Is this a good or feasible idea? If so, what sort of encryption algorithm would be useful?

Photon-Phoenix

  • Gotta pop dem windows.
  • Head Administrator
  • *****
  • Offline Offline
  • Gender: Male
    • View Profile
Re: Password authentication
« Reply #1 on: December 16, 2007, 05:36:26 pm »
Use a double encription matrix.  Take a pass like CARS and make it a matrix [3 1 18 19] (alphanumeraic) multiply it by an (ex.)[15 32 66 58] then multiply that by [16 88 55 14] to encript it.  To decript it (login) multilply the password by the inverse of the second then that product by the inverse of the first and you should be left with [3 1 18 19] and that should read as CARS or something. This'll only work if you know matricies and if double encription even works. I've only done single encription in math class (Algebra 2). :\

IIMarckus

  • Administrator
  • *****
  • Offline Offline
  • Gender: Male
  • Impersonal Text
    • View Profile
    • iimarck.us
Re: Password authentication
« Reply #2 on: December 16, 2007, 06:14:39 pm »
Well, the thing about that is security. If someone gained FTP access to my page, they could view the page source code to find the encryption, then decrypt every password in the database. For passwords, I wanted something that can't be decrypted, even if someone managed to get administrator access.

What I eventually decided on was a SHA-256 hash, by the way. All passwords are encrypted with this before being stored in the database, meaning that there is literally no way to decode them even if you can view it.