Cayleb-Ordo/0ad
1
0
Fork 0
forked from 0ad/0ad
Code Pull Requests Activity
7bfcd9f78b
0ad/source/network/scripting
History
wraitii 7bfcd9f78b Additional entropy when hashing match passwords. 
The purpose of our client-side hashing for lobby game passwords is to
prevent malicious hosts from getting valuable passwords from clients
(e.g. accidentally typing their lobby password instead of the game, or
even their email password, etc).
However, the hashing was deterministic (and rather simple), making it
possible to compute rainbow tables and recover user passwords anyways.

By adding more variation, including some that cannot so easily be
controlled by the host (the client name), this becomes impractical. The
password hashing function used is rather fast, but given the base low
probability of mistypes, this seems fine.

Differential Revision: https://code.wildfiregames.com/D3459
This was SVN commit r25459.
2021-05-18 14:47:36 +00:00
..
JSInterface_Network.cpp Additional entropy when hashing match passwords. 2021-05-18 14:47:36 +00:00
JSInterface_Network.h Refactor all usage of RegisterFunction to ScriptFunction::Register 2021-03-02 20:01:14 +00:00