[DiscordArchive] Is there any reason why password building is done like it's done? I mean, does client somehow require
Archived author: Revision • Posted: 2022-11-22T12:54:21.202000+00:00
I find it highly unlikely that the client does anything other than send the password.
Archived author: Michael Crilly • Posted: 2022-11-22T12:54:42.857000+00:00
This isn't relevant to how password hashing works.
Archived author: Michael Crilly • Posted: 2022-11-22T12:54:55.415000+00:00
Both client and server simply need to be aligned on the algorithm to use.
Archived author: Revision • Posted: 2022-11-22T12:55:24.961000+00:00
Yes, but way back when I've seen different algorithms used.
Archived author: Michael Crilly • Posted: 2022-11-22T12:55:40.235000+00:00
Of course, I'm not saying you're wrong about the client just sending it plain text - I would be surprised by that as a design decision - but the world server doesn't need to send the client anything.
Archived author: Rymercyble • Posted: 2022-11-22T12:55:59.200000+00:00
They don't. Even if for some reason the client hashes the password, you can just pretend that that hash is the password and hash it again on the server.
Archived author: Michael Crilly • Posted: 2022-11-22T12:58:22.763000+00:00
Yes. That's a common way to take a client password and make it more complex, known as a derived key.
Archived author: Michael Crilly • Posted: 2022-11-22T12:58:44.705000+00:00
If the client is talking SSL to the server from packet 0, then the client can send the password "as is".