Use Argon2ID as the password hashing algorithm #26

Merged
Exynox merged 3 commits from WildEgo/server:master into nightly 2024-06-01 14:32:22 +03:00
Contributor
No description provided.
WildEgo added 3 commits 2024-06-01 12:44:28 +03:00
Owner

Hi, thanks for the PR! I was going to use Bcrypt, but I did some reading and this seems a better technical solution at first glance. I'll check it out!

Author
Contributor

> Hi, thanks for the PR! I was going to use Bcrypt, but I did some reading and this seems a better technical solution at first glance. I'll check it out!

Argon2ID is super nice and super balanced. It also works with Laravel with just a change, from what I remember, which is nice, as well as anything recent. If you need a password, this should work for you: `$argon2id$v=19$m=16,t=2,p=1$MTIzNDU2Nzg$Dhk8fwnes+f9vzOwgdALlA` <- That's `password`. I also had some issues setting up the server after the update, but I got around it (locale changes).

Exynox merged commit 8ed1e7879e into nightly 2024-06-01 14:32:22 +03:00
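
An added example, not code from this PR or the project: a C++ check that parses the cost parameters out of an encoded Argon2 hash such as the sample posted above (`m` is memory in KiB, `t` is passes, `p` is lanes) and reports whether a stored hash should be recomputed at the next successful login. The names `parse_argon2` and `needs_rehash` and the 19 MiB / 2-pass floor are assumptions, not project policy.

```cpp
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

struct Argon2Params {  // cost parameters carried in the encoded hash string
    std::string variant;
    uint32_t version = 0, memory_kib = 0, time_cost = 0, parallelism = 0;
};
// Assumed policy floor (not from this PR): 19 MiB of memory, 2 passes.
constexpr uint32_t kMinMemoryKiB = 19456, kMinTimeCost = 2;

static std::vector<std::string> split(const std::string& s, char sep) {
    std::vector<std::string> out;
    std::stringstream ss(s);
    for (std::string part; std::getline(ss, part, sep);) out.push_back(part);
    return out;
}
// Parse "<key>=<decimal>" strictly: digits only, at most 9 so it fits in 32 bits.
static bool parse_kv(const std::string& field, const std::string& key, uint32_t& out) {
    if (field.compare(0, key.size() + 1, key + "=") != 0) return false;
    const std::string digits = field.substr(key.size() + 1);
    if (digits.empty() || digits.size() > 9 ||
        digits.find_first_not_of("0123456789") != std::string::npos) return false;
    out = static_cast<uint32_t>(std::stoul(digits));
    return true;
}
// Expected layout: $<variant>$v=<n>$m=<KiB>,t=<passes>,p=<lanes>$<salt>$<hash>
bool parse_argon2(const std::string& encoded, Argon2Params& p) {
    const auto f = split(encoded, '$');  // f[0] is the empty text before the first '$'
    if (f.size() != 6 || !f[0].empty() || f[4].empty() || f[5].empty()) return false;
    const auto costs = split(f[3], ',');
    p.variant = f[1];
    return costs.size() == 3 && parse_kv(f[2], "v", p.version) &&
           parse_kv(costs[0], "m", p.memory_kib) && parse_kv(costs[1], "t", p.time_cost) &&
           parse_kv(costs[2], "p", p.parallelism);
}
// True when a stored hash should be recomputed at the next successful login.
bool needs_rehash(const std::string& encoded) {
    Argon2Params p;
    if (!parse_argon2(encoded, p)) return true;  // not Argon2, or malformed
    return p.variant != "argon2id" || p.version != 19 || p.memory_kib < kMinMemoryKiB ||
           p.time_cost < kMinTimeCost || p.parallelism < 1;
}
int main() {
    // Sample hash posted in this thread: m=16 KiB is below the assumed floor.
    std::cout << std::boolalpha << needs_rehash("$argon2id$v=19$m=16,t=2,p=1$MTIzNDU2Nzg$Dhk8fwnes+f9vzOwgdALlA") << "\n";
}
```
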
Owner

Yeah, sorry for the undocumented locale changes!

I've merged your request and I also did some changes, mainly the password doesn't get passed around to the database, and the fact that the game would yield different result messages for an "account not found" and a "wrong password" status, which doesn't sit right with good security practices.

Make sure to update the client as well.

Author
Contributor

> Yeah, sorry for the undocumented locale changes!
>
> I've merged your request and I also did some changes, mainly the password doesn't get passed around to the database, and the fact that the game would yield different result messages for an "account not found" and a "wrong password" status, which doesn't sit right with good security practices.
>
> Make sure to update the client as well.

No worries mate, anything I do on the server side or client side is more "proof of concept" than anything since I'm not familiar with cpp in the least, so I just puzzle logic together; any improvements to what I do are appreciated.

Any stuff you'd want added or modified that I can play around with?

Reference: metin2/server#26