authentication

Post here if you need help setting up your server, etc.
Post Reply
qqNob
Posts: 4
Joined: Fri Jan 20, 2017 5:45 pm

authentication

Post by qqNob »

Hello guys, my name is qqNob

I need help with armaauth. I went to the Wiki and I just found it on the forum. I have the files config.php and index.php, but I do not know how to put the @
Example: test @ rx
Someone to help? Thank you
Found : https://github.com/fkmclane/ArmaAuth

User avatar
Light
Reverse Outside Corner Grinder
Posts: 1659
Joined: Thu Oct 20, 2011 2:11 pm

Re: authentication

Post by Light »

What comes after the @ is going to be your domain. So, if you're hosting this on example.com, your auth would be [email protected]. If you want a short auth like @lt or @forums, you need to have public registration available for your auth, and I believe there are a few other rules written somewhere (probably on the wiki). Then you can contact Tank and request it.

If you only want it to work on your server, you could alter your hosts file and redirect, for example @lt would be lt.authentication.armagetronad.net, to your webserver with your auth set up and you could have any login there you want. Of course, if you happen to duplicate an existing one, you're going to have issues with people that want to log in with their real login, so you would need to avoid @rx, @forums, @lt, @dbd, @comps, and quite a few more. This is generally a bad idea, but it sounds like you're less likely to know how to build public registration for your authentication server.

qqNob
Posts: 4
Joined: Fri Jan 20, 2017 5:45 pm

Re: authentication

Post by qqNob »

Light wrote:What comes after the @ is going to be your domain. So, if you're hosting this on example.com, your auth would be [email protected]. If you want a short auth like @lt or @forums, you need to have public registration available for your auth, and I believe there are a few other rules written somewhere (probably on the wiki). Then you can contact Tank and request it.

If you only want it to work on your server, you could alter your hosts file and redirect, for example @lt would be lt.authentication.armagetronad.net, to your webserver with your auth set up and you could have any login there you want. Of course, if you happen to duplicate an existing one, you're going to have issues with people that want to log in with their real login, so you would need to avoid @rx, @forums, @lt, @dbd, @comps, and quite a few more. This is generally a bad idea, but it sounds like you're less likely to know how to build public registration for your authentication server.
@qqnob.tk ok. now you have idea how use the method webform i dont like md5 :?

User avatar
Light
Reverse Outside Corner Grinder
Posts: 1659
Joined: Thu Oct 20, 2011 2:11 pm

Re: authentication

Post by Light »

qqNob wrote:@qqnob.tk ok. now you have idea how use the method webform i dont like md5 :?
I'm not sure what you're asking. Are you talking about Webform in Drupal? MD5 is just an encryption method so you can't view the plain text, and are not sending it unencrypted where it could be intercepted. If you are talking about using a current database of users with a different password encryption, you'll need to either change that or if you happen to have started with MD5 follow the same method to duplicate it in your auth script.

qqNob
Posts: 4
Joined: Fri Jan 20, 2017 5:45 pm

Re: authentication

Post by qqNob »

Light wrote:
qqNob wrote:@qqnob.tk ok. now you have idea how use the method webform i dont like md5 :?
I'm not sure what you're asking. Are you talking about Webform in Drupal? MD5 is just an encryption method so you can't view the plain text, and are not sending it unencrypted where it could be intercepted. If you are talking about using a current database of users with a different password encryption, you'll need to either change that or if you happen to have started with MD5 follow the same method to duplicate it in your auth script.
ok dude go to Lightron chat, for more help. ok?

qqqqqqqqqqqz
Posts: 6
Joined: Wed Mar 01, 2017 4:24 am

Re: authentication

Post by qqqqqqqqqqqz »

Light wrote:MD5 is just an encryption method so you can't view the plain text
MD5 is not encryption, it's a hash algorithm. In other words, unlike encryption, MD5 (like all hash algorithms) is designed to not be reversible.
It's also incredibly insecure, and should be avoided for authentication at all costs. Collisions for MD5 can be found in about a day on modern hardware.
If you want authentication, use a well-known scrutinized password-hashing algorithm designed for that purpose. An example is bcrypt with 1000 iterations, or Argon2. But using MD5 is just asking to get screwed over.

User avatar
Lucifer
Project Developer & Local Moonshiner
Posts: 8610
Joined: Sun Aug 15, 2004 3:32 pm
Location: Republic of Texas
Contact:

Re: authentication

Post by Lucifer »

There's a salt or two added to make it more difficult to determine a password even after it's been reversed, but yeah, sha2 is supposed to be added in 0.4 (or maybe we already have it? I forget)

Then again, we're also not protecting credit cards or even real identities, only game identities.
Image

Be the devil's own, Lucifer's my name.
- Iron Maiden

qqqqqqqqqqqz
Posts: 6
Joined: Wed Mar 01, 2017 4:24 am

Re: authentication

Post by qqqqqqqqqqqz »

Lucifer wrote:There's a salt or two added to make it more difficult to determine a password even after it's been reversed, but yeah, sha2 is supposed to be added in 0.4 (or maybe we already have it? I forget)
That's great, but even sha2 wasn't designed for password hashing. Even better would be to use a few rounds of the recently standardized Argon2, which was designed for the purpose.
Lucifer wrote:Then again, we're also not protecting credit cards or even real identities, only game identities.
Still though, some people may be quite attached to their accounts :wink:

User avatar
aP|Nelg
Match Winner
Posts: 558
Joined: Wed Oct 22, 2014 10:22 pm
Contact:

Re: authentication

Post by aP|Nelg »

qqqqqqqqqqqz wrote:
Lucifer wrote:Then again, we're also not protecting credit cards or even real identities, only game identities.
Still though, some people may be quite attached to their accounts :wink:
And certain server control panels use global ID to sign in. If someone doesn't have their data backed up, that could be quite a catastrophe... Still others use the same password for ALL of their accounts everywhere.

qqqqqqqqqqqz
Posts: 6
Joined: Wed Mar 01, 2017 4:24 am

Re: authentication

Post by qqqqqqqqqqqz »

aP|Nelg wrote:Still others use the same password for ALL of their accounts everywhere.
Which makes it doubly important to use strong password hashing algorithms, so that that weakness is less of a weakness.

Post Reply