Author: cen Language: text
Description: Improve Security with an OSS Server but Closed Client? Timestamp: 2013-05-23 19:19:58 +0000
Hi Chris and Alan

I am hosting a game server and I have the following problem. The game client-server authentication is done with SRP-3 and uses SHA1 for hashing.
Because of that, the passwords on the server are stored as SHA1(pass, salt), which is not very safe. I would like to use bcrypt instead, but if I understand SRP correctly,
both server and client need to use the same hashing algorithm. The game client is not open source so it cannot be modified. The server is, but that does not help me too much in this case.

How can I improve the security of the passwords in case the database gets hacked?

Keep up the good work,

cen