Spigot Authentication 1.5.2

Make sure your staff are who you think they are!

  1. MSWS submitted a new resource:

    Authentication - Make sure your staff are who you think they are!

    Read more about this resource...
     
  2. PlayerMoveEvent Is not compatible with anti-cheating PAC
     
  3. MSWS updated Authentication with a new update entry:

    Added OnLoginCommands, you can make a player send a command once they login.

    Read the rest of this update entry...
     
  4. MSWS updated Authentication with a new update entry:

    ADDED ENCRYPTING

    Read the rest of this update entry...
     
  5. Wtf?! They can be easily decrypted. You have to use an one-way hash function like SHA256 or a password hash function like SCrypt, BCrypt, Argon2 etc... only then it is securely stored.
     
    • Funny Funny x 1
  6. Can you please prove this to me and tell me what the password was? (In the example) : w4TCtcODw4TCucK+wrfCgcKCwoM=
    Please note that it does actually form a word.
     
  7. Are you kidding me?! In this example, it is not possible because you don't provide the username.

    In a "real-world-example", where the admin has the username AND the encrypted string, he can easily decrypt it.
     
    • Funny Funny x 1
  8. If you were to look in the example config you would see that the username is MSWS.
     
  9. MSWS updated Authentication with a new update entry:

    Custom commands if a player fails to login

    Read the rest of this update entry...
     
  10. @MSWS your password encryption is foolish, it does not support spaces or PASSWORDS THAT ARE WRITTEN IN CAPS (just as example).

    Also, it throws errors like this: http://p.reflex.rip/8Wif.go

    You should really replace it by an professional hash-method like BCrypt or SCrypt.
     
    • Funny Funny x 1
  11. It is btw. "testing123". Cracked in less than 5 seconds.
     
    • Funny Funny x 1
    • Funny Funny x 1
  12. Yeah I know, still trying to figure that out.
     
    • Winner Winner x 1