Hello. Users who have worked with TFS 0.X probably remember that it was supporting more password hasing methods (Fir3element/3777 (https://github.com/Fir3element/3777/blob/master/src/tools.cpp#L107)) than SHA1 which is the only method in TFS 1.X (otland/forgottenserver (https://github.com/otland/forgottenserver/blob/master/src/iologindata.cpp#L95)).
I would like to share implementation I've found in the past and then added to mine server, which may be not as good as it was in 0.4 (multiple hasing methods), but for sure increase data security.
The only things are needed to change is:
All these changes and files are available on PR here - Replace sha1 with sha256 by rookgaard · Pull Request #2675 · otland/forgottenserver (https://github.com/otland/forgottenserver/pull/2675)
Of course changes will be needed also in AAC's, but in most cases it will be replacing
I would like to share implementation I've found in the past and then added to mine server, which may be not as good as it was in 0.4 (multiple hasing methods), but for sure increase data security.
The only things are needed to change is:
- add
sha256.cppandsha256.hfiles to sources directory - modify
CMakeLists.txtso it would add files to compilation process - change both occurrences of
transformToSHA1tosha256iniologindata.cpp
All these changes and files are available on PR here - Replace sha1 with sha256 by rookgaard · Pull Request #2675 · otland/forgottenserver (https://github.com/otland/forgottenserver/pull/2675)
Of course changes will be needed also in AAC's, but in most cases it will be replacing
sha1($something) with hash('sha256', $something).