[DiscordArchive] is there any reason why password building is done like its done ? i mean does client somehow require
[DiscordArchive] is there any reason why password building is done like its done ? i mean does client somehow require
Original source
I find it highly unlikely that the client does anything other than send the password.
rektbyfaith
11-22-2022, 12:54 PM #21Archived author: Revision • Posted: 2022-11-22T12:54:21.202000+00:00
Original source
I find it highly unlikely that the client does anything other than send the password.
Original source
This isn't relevant to how password hashing works.
rektbyfaith
11-22-2022, 12:54 PM #22Archived author: Michael Crilly • Posted: 2022-11-22T12:54:42.857000+00:00
Original source
This isn't relevant to how password hashing works.
Original source
Both client and server simply need to be aligned on the algorithm to use.
rektbyfaith
11-22-2022, 12:54 PM #23Archived author: Michael Crilly • Posted: 2022-11-22T12:54:55.415000+00:00
Original source
Both client and server simply need to be aligned on the algorithm to use.
Original source
Yes but way back when I've seen different algorithms used.
rektbyfaith
11-22-2022, 12:55 PM #24Archived author: Revision • Posted: 2022-11-22T12:55:24.961000+00:00
Original source
Yes but way back when I've seen different algorithms used.
Original source
Of course, I'm not saying you're wrong about the client just sending it plain text - I would be surprised by that as a design decision - but the world server doesn't need to send the client anything.
rektbyfaith
11-22-2022, 12:55 PM #25Archived author: Michael Crilly • Posted: 2022-11-22T12:55:40.235000+00:00
Original source
Of course, I'm not saying you're wrong about the client just sending it plain text - I would be surprised by that as a design decision - but the world server doesn't need to send the client anything.
Original source
they dont even if for some reason client hashes password u can just pretend that that hash is password and hash it again in server
rektbyfaith
11-22-2022, 12:55 PM #26Archived author: Rymercyble • Posted: 2022-11-22T12:55:59.200000+00:00
Original source
they dont even if for some reason client hashes password u can just pretend that that hash is password and hash it again in server
Original source
Yes. That's a common way to take a client password and make it more complex known as a derived key.
rektbyfaith
11-22-2022, 12:58 PM #27Archived author: Michael Crilly • Posted: 2022-11-22T12:58:22.763000+00:00
Original source
Yes. That's a common way to take a client password and make it more complex known as a derived key.
Original source
If the client is talking SSL to the server from packet 0, then the client can send the password "as is".
rektbyfaith
11-22-2022, 12:58 PM #28Archived author: Michael Crilly • Posted: 2022-11-22T12:58:44.705000+00:00
Original source
If the client is talking SSL to the server from packet 0, then the client can send the password "as is".