pwdhash in auth.sqlite

For people working on the C++ code.
kai
New member
 
Posts: 2
Joined: Sun Jul 21, 2019 20:04
IRC: kaikai

pwdhash in auth.sqlite

by kai » Mon Jul 22, 2019 16:06

Hello,

I'm having some trouble recognizing the password hashing method.
How is the password hash created in auth.sqlite?
I understand only:
'# 1 #' + base64 (name + password) + '#' + base64 (sha256 (base64 (name + password) + base64 (password))
but this didn't work for me :-(

I'd like to authorize my chat system through the auth.sqlite of minetest, as there are only minetest players from my server...

thanx in advance

k@i
 

sofar
Developer
 
Posts: 2059
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: pwdhash in auth.sqlite

by sofar » Mon Jul 22, 2019 17:37

The authentication method used is SRP. This makes the hash somewhat non-standard. You'll need to both understand SRP as a mechanism as well as read the code to understand how the hashes are created.

What do you mean by :

I'd like to authorize my chat system through the auth.sqlite of minetest, as there are only minetest players from my server...
 

User avatar
Krock
Developer
 
Posts: 4341
Joined: Thu Oct 03, 2013 07:48
Location: Switzerland
GitHub: SmallJoker

Re: pwdhash in auth.sqlite

by Krock » Tue Jul 23, 2019 17:58

You could pipe all chat system inputs and outputs either through
* two files (in and out), on a ramdisk if you want
* a web socket. Server mod is the server, your chat backend the client connecting to it
* a method which can be found on your preferred search engine

The base64&sha method you're talking about is legacy code and only kept for backwards compatibility. As sofar mentioned, you'd need to study how SRP works in order to attempt re-creating a hash value. It's better to let Minetest calculate the hash for you (password comparison API).
>> Mod Search Engine << - Mods by Krock - DuckDuckGo mod search bang: !mtmod <keyword here>
 

kai
New member
 
Posts: 2
Joined: Sun Jul 21, 2019 20:04
IRC: kaikai

Re: pwdhash in auth.sqlite

by kai » Tue Jul 23, 2019 19:16

Thanks for the answers - faster then i had hoped =)

Krock wrote: you'd need to study how SRP works in order to attempt re-creating a hash value. It's better to let Minetest calculate the hash for you (password comparison API).

Thank for this hint. I just programmed an SRP prototype (and it didnt work).
The API is for LUA, right? Is there an API for other languages (JS,Python,C) as well?

Thanx
 


Return to Partly official engine development



Who is online

Users browsing this forum: No registered users and 1 guest