Home
Blogs
Forums
News
Portfolios
Projects
Tutorials
31 users logged in
New? Learn about game development.
Before posting, review our community guidelines.
Follow Us
Chat in the GameDev.net Discord!
Mastodon
Back to General and Gameplay Programming

Converting password to number

Started by
4 comments, last by tanger32au 10 years, 1 month ago
Hi all,
As part of the login process for my game I am storing the username / password in a file. To protect this and stop people using the password I have written some code to take the password, convert this to ASCII code, preform two mathematical operations and save this to a file.
Having undertaken some testing of my code I have found a couple of things:
1) Entering "Paul" produces the same result as "luaP"
2) Entering "Lisa" produces the same result as "Bart".
Paul = 180730
luaP = 180730
Lisa = 178093
Bart = 178093
Here is the code I have written. This is taken from my game but changed slightly to work as a standalone program.
[CreatePassword]
PasswordCreate$ = ""
length = 0
PasswordCreateText = 0
PasswordCreatePro$ = ""
cls
Input "Enter a password: "; PasswordCreate$
    length = len(PasswordCreate$)
    for A = 1 to length
        PasswordCreatePro$ =  mid$(PasswordCreate$, A)
        PasswordCreateText = PasswordCreateText + asc(PasswordCreatePro$)
 
    next A
 
PasswordCreateText = PasswordCreateText  * 293
PasswordCreateText = PasswordCreateText + 62944
 
Print ""; PasswordCreateText
 
open "PassWordChecker_Temp.spf" for append as #UC
print #UC, ""; PasswordCreate$;  " = "; PasswordCreateText
close #UC
 
input "? "; RunChoice$
if RunChoice$ = "q" then gosub [EndOfTest]
gosub [CreatePassword]
 
[EndOfTest]
notice "Program closed"
end
Paul
Advertisement
You will want to read about hash functions, specifically cryptographic hash functions.

The one problem arises because you don't consider the place of the particular characters when summing them up. The plus operator is commutative, that means

1 + 2 == 2 + 1

and hence summing up the ASCII values of "Paul" gives the same value as summing up the ASCII values of "luaP".

The other problem arises because a specific sum can be yielded in by several combinations of arguments. For example

3 + 6 == 4 + 5

so summing up the ASCII values of "Lisa" gives the same value as summing up the ASCII values of "Bart" (although I haven't proved that).

Decent string hash functions consider the location of where the characters are in the string by multiplying the sum so far with a constant. However, finding such a constant so that the result have a vanishing probability of collision is not easy.

I suggest you to not try your own solution but to use an existing hash function. There are several of them available from the internet. For example, the Fowler/Noll/Vo version 1 alternative (or FNV-1a for short) is available for 32, 64, and 128 bit hash values, and demonstrates what I mean above. It is simple and can be implemented without hassle.

Another point is that hashing alone is not very secure. For a password hash one usually wants that the reverse step, e.g. computing the unknown password from the known hash, is not possible with a reasonable effort. Hence there are hash functions out there that are developed with the demand to not being reversible, so-called cryptographic hashes. Well known candidates are md5 and the SHA family. Some of them are known to have weaknesses.

For passwords you should consider to use such secure hash functions.

Don't use MD5, it is broken, and if you can: avoid using SHA-1 too: https://www.schneier.com/blog/archives/2013/11/microsoft_retir.html

"Never roll your own crypto"

http://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own

If this is just for fun, or just for you and your friends or whatever, it's fun to learn how things work so doing your own crypto will be fine. Go ahead and use MD5 all you want. But if this is for something that is going on the internet, or for real users DO NOT make your own crypto algorithm.

EDIT: Just to add, look up scrypt as well!

Thanks for the replies.

This is for a game I am making which is for my own use with a view to letting other people download it and play it if they want.

I am limited by the programming language I am using (JustBasic) so I am trying to make it the best / most secure I can within the limits of JustBasic.

This topic is closed to new replies.

Advertisement

Popular Topics

Aybe One
How do you manage yourself and your time as years pass on? GDNet Lounge
Jikoob
Too many managers? General and Gameplay Programming
ReignOnU
Do your part to stop global warming and climate change GDNet Lounge
aigan
The promise of freedom in story games Game Design and Theory
robertrobert
Facebook Ads for sales on steam, does it work? Games Business and Law
AliAbdulKareem
Understanding the wavy-like shape in alpha-testing magnification for text rendering Graphics and GPU Programming
Advertisement

Recommended Tutorials

BadMemory
Designing for multi-age coop play Game Design and Theory
Bokke
Introduction to the Graphics Pipeline Graphics and GPU Programming
Myopic Rhino
IGF 2010: Lazy 8 Studios Interviews
Michael Tanczos
GameDev.net Open License Archive
Unlock Audio
How To Mix an Orchestra Music and Sound FX

Reticulating splines

About GameDev.net
Community Guidelines
Terms of Service
Privacy Policy
Contact Us
Copyright (c) 1999-2024 GameDev.net, LLC
Back to Top