password encryption [solved]

Posted: Fri Sep 23, 2016 00:31
by TARD
When a user creates a new account to join a server does the password encryption start at client before traveling the internet or does this take place on the server side?

Re: password encryption

Posted: Fri Sep 23, 2016 01:03
by ExeterDad
Client side. Password is never really sent over the wire. Only hashes unique to the server. In other words, if you use the same password on every server you play, the stored hash on the servers will not be the same, nor can be used by an evil server owner to log in as you on another server.

Re: password encryption

Posted: Fri Sep 23, 2016 01:35
by TARD
ExeterDad wrote: nor can be used by an evil server owner to log in as you on another server.

Solved, thanks. This is what I was worried about, because I ask users of stolen accounts if they use the same password on other servers and they say yes.

Re: password encryption [solved]

Posted: Tue Sep 27, 2016 13:51
by est31
For increased security, make sure the send_pre_v25_init option is flipped to false, which is the default in the dev version, but 0.4.14 still defaults to true.
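
The behaviour described in this thread (the password stays on the client, and each server stores a different value for the same password) is what a salted-verifier protocol such as SRP provides. The sketch below is an added example, not code from the thread or from the game: it is a generic SRP-6a-style exchange, and the toy modulus, the hash layout and the names `register` and `login` are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy group (assumption): the Mersenne prime 2**521 - 1 keeps the listing short.
# A real deployment uses a standardized large safe-prime group.
N = 2**521 - 1
G = 3

def to_bytes(n: int) -> bytes:
    return n.to_bytes((N.bit_length() + 7) // 8, "big")

def H(*parts: bytes) -> int:
    """SHA-256 over length-prefixed parts, returned as an integer."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return int.from_bytes(h.digest(), "big")

K = H(to_bytes(N), to_bytes(G))  # SRP-6a multiplier

def private_x(name: str, password: str, salt: bytes) -> int:
    # Computed on the client only; the password never leaves this function.
    return H(salt, name.encode(), password.encode())

def register(name: str, password: str):
    """Client side of account creation: the server stores only (salt, verifier)."""
    salt = secrets.token_bytes(16)
    return salt, pow(G, private_x(name, password, salt), N)

def login(name: str, password: str, salt: bytes, verifier: int):
    """Simulate one login; returns (client_key, server_key)."""
    a = secrets.randbelow(N - 2) + 1
    A = pow(G, a, N)                          # client -> server
    b = secrets.randbelow(N - 2) + 1
    B = (K * verifier + pow(G, b, N)) % N     # server -> client, with salt
    u = H(to_bytes(A), to_bytes(B))
    x = private_x(name, password, salt)
    client_s = pow((B - K * pow(G, x, N)) % N, a + u * x, N)
    server_s = pow(A * pow(verifier, u, N) % N, b, N)
    return H(to_bytes(client_s)), H(to_bytes(server_s))

if __name__ == "__main__":
    # Constructed sample account, same password registered on two servers.
    s1, v1 = register("player", "hunter2")
    s2, v2 = register("player", "hunter2")
    print("verifiers differ:", v1 != v2)
    print("good password:", len(set(login("player", "hunter2", s1, v1))) == 1)
    print("bad password:", len(set(login("player", "guess", s1, v1))) == 1)
```

A real implementation also rejects values of A or B that are 0 mod N and exchanges key-confirmation proofs rather than comparing the two keys directly.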