Safest way to protect strings/integers?

02-22-2008, 06:03 PM	#1
Gwypaas	What's the safest way to protect strings for admin passwords and integers for the codes?

02-22-2008, 06:07 PM	#2
Captain Griffen	Hash for passwords. Make sure it's a good one that can't be done backwards. Codes need a hash plus redundancy, say 10,000 bad codes for every good code (ie: 5 extra digits) should do it. And make sure that those good codes are spread out, not just with 5 completely redundant integers.

02-22-2008, 06:13 PM	#3
Gwypaas	How to do a hash for something? is it like: set code a = a*4/2^3 and so on?

02-22-2008, 07:04 PM	#4
Captain Griffen	No. That would be a terrible hash. If B = (A*4/2)^3, then A = Pow(B, 1/3) / 2 Very bad security hash.

02-22-2008, 07:27 PM	#5
Gwypaas	Yeah.. Is there any tut or something on how to make secure hashes?

02-22-2008, 07:51 PM	#6
Vexorian	I think I saw a md5 implementation in wc3jass.com, not like md5 is really secure though...

02-22-2008, 10:31 PM	#7
Gwypaas	Ok now I got the hang on what hashes are: They take number a, does some stuff with it then returns it back to what it was. But now my question. How to undo Pows?

02-23-2008, 03:54 AM	#8
HINDYhat	The inverse exponent: ( x^2 )^(1/2) = x ( x^3 )^(1/3) = x etc... ( x^a )^(1/a) = x So let's say you have something like Pow(B,3) = X, and you want to solve for B, you'd do B = Pow(X, 1/3)

02-23-2008, 05:23 AM	#9
Gorman	When you enter formulas into JASS do you have to use Pow(A, n) insted of just A^n?

02-23-2008, 06:02 AM	#10
Ammorth	Yes, since the ^ operator is not recognized by Jass, so they made a handy function (probably has to do with making the conversion from GUI to Jass more simplistic, so they made it a native).

02-23-2008, 07:47 AM

#11

Gwypaas

Hmm maybe we could convince Vexorian to make operator overloading available for the ^ operator? Then you could use it as normal.

+ rep to HINDYhat for the nice help.

Edit: Now I have tried it a bit but I don't get it working if I have this code:

JASS:

function Trig_HashTest_Actions takes nothing returns nothing
    local real b = 4
    local real i = 5
    local real x = 5
    local real ba

    set b = ((Pow(b, 7) / 67) * 127)
    call BJDebugMsg(R2S(b))
    set b = (((Pow(Pow(b, 7), (1.0/ 7.0)))*67.0)/127.0)
    call BJDebugMsg(R2S(b))
endfunction

The last output doesn't become 4 it becomes 16383.967

02-23-2008, 09:41 AM	#12
Captain Griffen	Erm...the idea behind security hashes is that you CAN'T go back from the output to the input without massive brute forcage.

02-23-2008, 10:17 AM	#13
Gwypaas	I tried that so I know how they works and the purpose of something like that would be if you saves codes in your map, like XP or heroes then if they are saved as hash with thoose numbers you can't hack the map by changing the value of all integers or something, if they try the output would be wierd and don't work with the map.

02-23-2008, 11:04 AM	#14
Captain Griffen	Oh dear...save codes are so simple to break, since I can just make a modified version of the map, give myself an uber hero, then save it.

02-23-2008, 12:20 PM	#15
Gorman	if the map is locked how would u do it? (and it has anti cheat stuff in place)