New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[New Algorithm] AuthMe - SHA256(SHA256(password) + salt) #1486

Open
KiralyCraft opened this Issue Jan 5, 2018 · 1 comment

Comments

Projects
None yet
3 participants
@KiralyCraft

KiralyCraft commented Jan 5, 2018

Name of algorithm: AuthMe default password storage algorithm
Where it is used: AuthMe is an authentication plugin for Minecraft cracked servers. It is the most known and used plugin for all kinds of servers. By default, it stores it's passwords in a database in the mentioned format. By implementing the requested algorithm, password recovery/cracking would be available based on the hashes stored in plain text.
Source code: The algorithm is implemented here: https://github.com/AuthMe/AuthMeReloaded/blob/master/src/main/java/fr/xephi/authme/security/crypts/Sha256.java

Restrictions: Salt length is always 16 characters. It is randomly generated but stored together with the password hash. Password length can vary from 1 to 32 characters.

Full example of password & hash:

Password: pantof
Stored entry: $SHA$c7dedf5a36c4a343$05ae3239eee683872ef1cc9096777bf4b1a72a179709efc17d8bf1603b082065

Other details: The passwords are stored in the following format:
String encryptedPassword = "$SHA$" + salt + "$" + sha256(sha256(password) + salt);

@spideyroc1

This comment has been minimized.

Show comment
Hide comment
@spideyroc1

spideyroc1 May 24, 2018

Will this be added?

spideyroc1 commented May 24, 2018

Will this be added?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment