I would like some feedback on my recovery key system. I'm not sure whether this could be done in a better way with a similar or equally good result.
@Summ @zbizu @Flatlander @cbrm @StreamSide @Evil Puncker @EvilSkillz @Ninja @Limos @Evan sorry for tagging you guys, if you don't have the time / interest it's fine but I would really appreciate some feedback
What I basically do is this: I create a 9-letter key for the encryption (I use uppercase and lowercase letters).
I save this key into the database (creating a new table etc. therefore)
once the server starts I load the key from the database
Let's say our encryption key looks like this now
Now let's take a look on how I create the recovery keys for the players
A key is exactly 15 characters long; I use the 2 letters in each key as indicators.
and this is how I search for the valid sequence in the recovery key
I just need to know whether what I'm doing is inefficient and can be cracked easily, or whether I approached the topic in the right way.
@Summ @zbizu @Flatlander @cbrm @StreamSide @Evil Puncker @EvilSkillz @Ninja @Limos @Evan sorry for tagging you guys, if you don't have the time / interest it's fine but I would really appreciate some feedback
What I basically do is this: I create a 9-letter key for the encryption (I use uppercase and lowercase letters).
Code:
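--- Build the server-wide secret: nine distinct ASCII letters (A-Z, a-z).
-- Distinctness is exact (case-sensitive), so "a" and "A" may both appear.
--
-- NOTE(review): math.random is a general-purpose PRNG, not a
-- cryptographically secure one; anyone who can guess its seed can reproduce
-- this key. A secret that gates account recovery should be drawn from the
-- operating system's CSPRNG instead.
-- @treturn table array of nine one-character strings
function generateEncryptionKey()
    local first, last = string.byte("A"), string.byte("z")
    local key, used = {}, {}
    while #key < 9 do
        local code = math.random(first, last)
        -- Codes 91..96 are the punctuation between "Z" and "a". A rejected
        -- draw (punctuation or a letter already taken) is retried on the
        -- next pass, so one loop replaces the original nested retry loop.
        local isLetter = code < 91 or code > 96
        if isLetter and not used[code] then
            used[code] = true
            key[#key + 1] = string.char(code)
        end
    end
    return key
end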
Code:
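--- Create the `recovery_key` table if it is missing and store a freshly
-- generated key in row id = 1, unless that row already exists.
--
-- NOTE(review): the key is stored in plaintext next to the game data, so
-- anything that can read this database (a backup, a web front end with a
-- SQL injection flaw) also reads the secret every recovery key depends on.
-- Restrict access to this table accordingly.
function saveEncryptionKey()
    db.query("CREATE TABLE IF NOT EXISTS `recovery_key` (`id` tinyint(1) NOT NULL,`key1` varchar(1) NOT NULL,`key2` varchar(1) NOT NULL,`key3` varchar(1) NOT NULL,`key4` varchar(1) NOT NULL,`key5` varchar(1) NOT NULL,`key6` varchar(1) NOT NULL,`key7` varchar(1) NOT NULL,`key8` varchar(1) NOT NULL,`key9` varchar(1) NOT NULL,UNIQUE KEY (`id`)) ENGINE=InnoDB;")

    local res = db.storeQuery("SELECT * FROM `recovery_key` WHERE `id` = 1")
    if res then
        -- A key is already stored. Replacing it would invalidate every
        -- recovery key issued so far, so only release the result handle.
        result.free(res)
        return
    end

    -- Generate the key only when it is actually going to be stored.
    local key = generateEncryptionKey()
    local quoted = {}
    for i = 1, 9 do
        -- Each value is a single letter produced by generateEncryptionKey,
        -- never external input, so plain quoting is sufficient here.
        quoted[i] = "'" .. key[i] .. "'"
    end

    -- db.query replaces db.asyncQuery: presumably loadEncryptionKey() runs
    -- right after this at startup, and an insert that is still queued would
    -- make it load an empty key. Assumes db.query returns only once the
    -- statement has been executed -- TODO confirm for this server version.
    db.query("INSERT INTO `recovery_key`(`id`, `key1`, `key2`, `key3`, `key4`, `key5`, `key6`, `key7`, `key8`, `key9`) VALUES (1," .. table.concat(quoted, ",") .. ")")
end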
Code:
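--- Read the nine key letters from row id = 1 of `recovery_key`.
-- @treturn table the letters in column order key1..key9, or an empty table
--   when the query returns no result
function loadEncryptionKey()
    local columns = {"key1", "key2", "key3", "key4", "key5", "key6", "key7", "key8", "key9"}
    local encrypt = {}

    local res = db.storeQuery("SELECT `key1`, `key2`, `key3`, `key4`, `key5`, `key6`, `key7`, `key8`, `key9` FROM `recovery_key` WHERE `id` = 1")
    if not res then
        -- Callers index the returned table by position, so an empty table
        -- here means "no key available" and must be checked for upstream.
        return encrypt
    end

    -- ipairs, not pairs: the position of each letter is significant and
    -- pairs gives no ordering guarantee.
    for _, column in ipairs(columns) do
        encrypt[#encrypt + 1] = result.getDataString(res, column)
    end

    -- The original called result.free() without the handle, so the result
    -- set was never released.
    result.free(res)
    return encrypt
end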
Let's say our encryption key looks like this now
Code:
-- Illustrative value for the walkthrough. The array index of each letter is
-- what createRecoveryKey and isValidRecoveryKeySequence work with, so the
-- positions are spelled out. A real key belongs in protected storage, not
-- in a script.
encryptionKey = {
    "G", -- position 1
    "z", -- position 2
    "Y", -- position 3
    "E", -- position 4
    "q", -- position 5
    "K", -- position 6
    "u", -- position 7
    "i", -- position 8
    "L", -- position 9
}
Now let's take a look on how I create the recovery keys for the players
A key is exactly 15 characters long; I use the 2 letters in each key as indicators.
Code:
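-- Set once createRecoveryKey has seeded the PRNG in this Lua state.
local recoveryRngSeeded = false

--- Issue a recovery key: floor(seq1 ^ seq2) in decimal, then the letters
-- encryptionKey[seq1] and encryptionKey[seq2], then random digits up to a
-- length of 15 (seq1 and seq2 are drawn from 3..9).
--
-- The original reseeded math.random from os.time() on every call, which
-- made the whole key a function of the second it was issued in: two keys
-- created in the same second were identical. The PRNG is now seeded once.
--
-- NOTE(review): this still does not make the key a secret.
--  * math.random is not a CSPRNG and a clock seed is guessable.
--  * Only 7 * 7 = 49 (seq1, seq2) pairs exist, and the padding digits are
--    not compared against anything by isValidRecoveryKeySequence.
--  * Every issued key shows its holder two letters of encryptionKey.
-- A safer design gives each player a long random token from the OS CSPRNG,
-- stores only a hash of it, and compares the full token at recovery time.
-- @treturn string the recovery key
function createRecoveryKey()
    if not recoveryRngSeeded then
        math.randomseed(os.time())
        recoveryRngSeeded = true
    end

    local seq1 = math.random(3, 9)
    local seq2 = math.random(3, 9)
    local key = tostring(math.floor(seq1 ^ seq2)) .. encryptionKey[seq1] .. encryptionKey[seq2]

    -- Pad with random digits up to 15 characters; at least one digit is
    -- always appended, as in the original repeat/until loop.
    local padding = {}
    for i = 1, math.max(1, 15 - #key) do
        padding[i] = tostring(math.random(0, 9))
    end
    return key .. table.concat(padding)
end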
and this is how I search for the valid sequence in the recovery key
Code:
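--- Check that a recovery key has the shape createRecoveryKey produces:
-- 15 characters, a decimal number, two letters that both occur in
-- encryptionKey, then digits, where the number equals floor(p1 ^ p2) for
-- the letters' positions p1 and p2 in encryptionKey.
--
-- Changes from the original: the number must be the leading digits of the
-- key (the original searched for it anywhere, so extra digits in front were
-- accepted), length and trailing digits are checked, a non-string key or an
-- unloaded encryptionKey yields false instead of an error, and the unused
-- scratch variables are gone (one of them, `q`, was an accidental global).
--
-- NOTE(review): playerId is not used, so this is a format check against the
-- server secret, not proof that the key belongs to this player. Presumably
-- the caller also compares the key with the value stored for the player --
-- confirm, and rate-limit failed attempts there.
-- @param playerId not used by this check
-- @tparam string key recovery key as entered by the player
-- @treturn boolean true when the key is well-formed
function isValidRecoveryKeySequence(playerId, key)
    local KEY_LENGTH = 15

    -- Fail closed on anything that is not a candidate key at all.
    if type(key) ~= "string" or #key ~= KEY_LENGTH then
        return false
    end
    if type(encryptionKey) ~= "table" then
        return false
    end

    local digits, first, second = key:match("^(%d+)([A-Za-z])([A-Za-z])%d+$")
    if not digits then
        return false
    end

    -- Position of a letter in encryptionKey (exact, case-sensitive match).
    local function positionOf(letter)
        for index, candidate in ipairs(encryptionKey) do
            if candidate == letter then
                return index
            end
        end
        return nil
    end

    local p1, p2 = positionOf(first), positionOf(second)
    if not p1 or not p2 then
        return false
    end

    -- Built the same way createRecoveryKey formats the number, then
    -- compared as a plain string rather than used as a search pattern.
    return digits == tostring(math.floor(p1 ^ p2))
end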
I just need to know whether what I'm doing is inefficient and can be cracked easily, or whether I approached the topic in the right way.