wraitii
7bfcd9f78b
The purpose of our client-side hashing for lobby game passwords is to prevent malicious hosts from getting valuable passwords from clients (e.g. accidentally typing their lobby password instead of the game, or even their email password, etc). However, the hashing was deterministic (and rather simple), making it possible to compute rainbow tables and recover user passwords anyways. By adding more variation, including some that cannot so easily be controlled by the host (the client name), this becomes impractical. The password hashing function used is rather fast, but given the base low probability of mistypes, this seems fine. Differential Revision: https://code.wildfiregames.com/D3459 This was SVN commit r25459.
33 lines
1.1 KiB
C++
33 lines
1.1 KiB
C++
/* Copyright (C) 2021 Wildfire Games.
|
|
* This file is part of 0 A.D.
|
|
*
|
|
* 0 A.D. is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* 0 A.D. is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with 0 A.D. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#ifndef INCLUDED_HASHING
|
|
#define INCLUDED_HASHING
|
|
|
|
class CStr8;
|
|
|
|
/**
|
|
* Hash a string in a cryptographically secure manner.
|
|
* This method is intended to be 'somewhat fast' for password hashing,
|
|
* and should neither be used where a fast real-time hash is wanted,
|
|
* nor for more sensitive passwords.
|
|
* @return a hex-encoded string.
|
|
*/
|
|
CStr8 HashCryptographically(const CStr8& password, const CStr8& salt);
|
|
|
|
#endif
|