Hello. Users who have worked with TFS 0.X probably remember that it was supporting more password hasing methods (Fir3element/3777 (https://github.com/Fir3element/3777/blob/master/src/tools.cpp#L107)) than SHA1 which is the only method in TFS 1.X (otland/forgottenserver (https://github.com/otland/forgottenserver/blob/master/src/iologindata.cpp#L95)).
I would like to share implementation I've found in the past and then added to mine server, which may be not as good as it was in 0.4 (multiple hasing methods), but for sure increase data security.
The only things are needed to change is:
All these changes and files are available on PR here - Replace sha1 with sha256 by rookgaard · Pull Request #2675 · otland/forgottenserver (https://github.com/otland/forgottenserver/pull/2675)
Of course changes will be needed also in AAC's, but in most cases it will be replacing
I would like to share implementation I've found in the past and then added to mine server, which may be not as good as it was in 0.4 (multiple hasing methods), but for sure increase data security.
The only things are needed to change is:
- add
sha256.cpp
andsha256.h
files to sources directory - modify
CMakeLists.txt
so it would add files to compilation process - change both occurrences of
transformToSHA1
tosha256
iniologindata.cpp
All these changes and files are available on PR here - Replace sha1 with sha256 by rookgaard · Pull Request #2675 · otland/forgottenserver (https://github.com/otland/forgottenserver/pull/2675)
Of course changes will be needed also in AAC's, but in most cases it will be replacing
sha1($something)
with hash('sha256', $something)
.