[gameprogrammer] Re: crypt() in windows
- From: Nick Howes <nick@xxxxxxxxxxxxxxx>
- To: gameprogrammer@xxxxxxxxxxxxx
- Date: Mon, 20 Feb 2006 16:44:47 +0000
Roger D Vargas wrote:
There is some portable way to get a hash from a string? I have to
create an user account via php, create a password hash, insert it into
the user database and then calculate the hash again in the client side
when user logs in to avoid sending the plain password. But I cant find
in Visual C++ the function crypt(), available in php and unix.
It doesn't help to crypt it client-side; if you do it like that,
somebody getting hold of your data could just send the crypted version
again without needing to know the original password. You may as well
just crypt() the password on the server when it reaches it. If you want
security over the network then you need to use HTTPS or another secure
protocol when logging in.
Also, PHP's crypt() function has a number of different algorithms it can
use to hash, so you have to take into account salts and stuff when you
use it to crypt() another string. The documentation goes into detail.
Alternatively you can just explicitly use a popular hashing algorithm
like md5() or sha1() (both in PHP), C source for which is available in
various places
---------------------
To unsubscribe go to http://gameprogrammer.com/mailinglist.html
- References:
- [gameprogrammer] crypt() in windows
- From: Roger D Vargas
Other related posts:
- » [gameprogrammer] crypt() in windows
- » [gameprogrammer] Re: crypt() in windows
- » [gameprogrammer] Re: crypt() in windows
- [gameprogrammer] crypt() in windows
- From: Roger D Vargas