[DiscordArchive] What are you trying to do anyway, <@218402627636035585> ?
[DiscordArchive] What are you trying to do anyway, <@218402627636035585> ?
Original source
What are you trying to do anyway, <@218402627636035585> ?
rektbyfaith
11-22-2022, 12:59 PM #1Archived author: Michael Crilly • Posted: 2022-11-22T12:59:09.577000+00:00
Original source
What are you trying to do anyway, <@218402627636035585> ?
Original source
i rather wont say bcs its just stupid
rektbyfaith
11-22-2022, 12:59 PM #2Archived author: Rymercyble • Posted: 2022-11-22T12:59:29.276000+00:00
Original source
i rather wont say bcs its just stupid
Original source
The server checks the password by providing the password as a string, it might be some kind of algo attached to it but I can't imagine it's advanced in any way if any is even used.
rektbyfaith
11-22-2022, 01:01 PM #3Archived author: Revision • Posted: 2022-11-22T13:01:46.375000+00:00
Original source
The server checks the password by providing the password as a string, it might be some kind of algo attached to it but I can't imagine it's advanced in any way if any is even used.
Original source
i got answer
rektbyfaith
11-22-2022, 01:03 PM #4Archived author: Rymercyble • Posted: 2022-11-22T13:03:22.026000+00:00
Original source
i got answer
Original source
It doesn't send the password
SRP is a protocol that uses math to determine both sides know the same thing without needing to exchange the password during login
The only time the password is ever shared is during registration, which should occur on a SSL certified website which also uses sha-1 to hash the password
So as long as you register on a secure site, there is no way to determine the password of an account outside of pure bruteforce
Passwords don't even need to be stored on the server
rektbyfaith
11-22-2022, 01:03 PM #5Archived author: Rymercyble • Posted: 2022-11-22T13:03:53.880000+00:00
Original source
It doesn't send the password
SRP is a protocol that uses math to determine both sides know the same thing without needing to exchange the password during login
The only time the password is ever shared is during registration, which should occur on a SSL certified website which also uses sha-1 to hash the password
So as long as you register on a secure site, there is no way to determine the password of an account outside of pure bruteforce
Passwords don't even need to be stored on the server
Original source
With SHA-1? Think again, mate. Crack that in seconds.
rektbyfaith
11-22-2022, 01:08 PM #6Archived author: Michael Crilly • Posted: 2022-11-22T13:08:50.229000+00:00
Original source
With SHA-1? Think again, mate. Crack that in seconds.
Original source
That's not how the server stores it though.
rektbyfaith
11-22-2022, 01:09 PM #7Archived author: Revision • Posted: 2022-11-22T13:09:11.031000+00:00
Original source
That's not how the server stores it though.
Original source
original question was `does client hash password or it just sends it as plain text ?` so its not related to what server does
rektbyfaith
11-22-2022, 01:10 PM #8Archived author: Rymercyble • Posted: 2022-11-22T13:10:20.855000+00:00
Original source
original question was `does client hash password or it just sends it as plain text ?` so its not related to what server does
Original source
Yes, it doesn't send plain text then. I guess in the end it doesn't matter since the server does other things with it.
rektbyfaith
11-22-2022, 01:11 PM #9Archived author: Revision • Posted: 2022-11-22T13:11:55.225000+00:00
Original source
Yes, it doesn't send plain text then. I guess in the end it doesn't matter since the server does other things with it.
Original source
as i was told TC no longer even has password column in account table
rektbyfaith
11-22-2022, 01:13 PM #10Archived author: Rymercyble • Posted: 2022-11-22T13:13:01.646000+00:00
Original source
as i was told TC no longer even has password column in account table
1 Guest(s)
1 Guest(s)