Go Back   EQEmulator Home > EQEmulator Forums > Development > Development::Tools
Reload this Page 0.5.7 Minilogin, and LS release

Development::Tools 3rd Party Tools for EQEMu (DB management tools, front ends, etc...)

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #26  
Old 09-21-2004, 04:58 AM
RangerDown
Demi-God
  
Join Date: Mar 2004
Posts: 1,066
Default
Quote:
The problem with that is that if they sniff packets they can pull out the md5, and even though they can't get it back out, they can send it already hashed. Of course, we could defeat that with a salt, but SSL would still be far more secure.
No, don't try to make the client hash the password before sending it up. Send the password encrypted, but using something that can be decrypted. SSL would be perfect because the keys are dynamically generated, and the server would be able to decrypt the block once it got it. Then, using the (now decrypted and now plaintext) password, the server compares a hash of it to the hash you have in the user database, to see if the password is correct.
__________________
<idleRPG> Rogean ate a plate of discounted, day-old sushi. This terrible calamity has slowed them 0 days, 15:13:51 from level 48.
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

   

All times are GMT -4. The time now is 06:32 PM.

EQEmulator - Archive - Top

 

Everquest is a registered trademark of Daybreak Game Company LLC.
EQEmulator is not associated or affiliated in any way with Daybreak Game Company LLC.
Except where otherwise noted, this site is licensed under a Creative Commons License.
       
Powered by vBulletin®, Copyright ©2000 - 2026, Jelsoft Enterprises Ltd.
Template by Bluepearl Design and vBulletin Templates - Ver3.3