Salted Hash

Salted hash? No, I’m not talking about food lol. I’ve been working on the authentication methods between the client and the server. The stored passwords in the database are now hashed using a secure hashing algorithm. No more plain text passwords. I know, sounds bad, but it was strictly for testing purposes. The web site uses SSL encryption, and also hashes the passwords as well. However, I’m still working on the encryption methods for the game client.

I decided to salt our hashed passwords in the client with random bits that are generated on demand by the server. This way a login packet should never contain the exact same data every time a client authenticates and logs in. This is done to avoid a “replay attack”, where a “man in the middle” snoops the login packet, and tries to use it later to authenticate as that client.

Note that hashing is not encryption. Hashing is strictly one-way, and theoretically can’t be decoded. Encryption implies that a decryption can take place.

About Eric DeBrosse

Lead developer of the Orion Engine.
This entry was posted in Game Development, Web Site Updates and tagged , , , , . Bookmark the permalink.