I just want to reassure everyone that your information is safe with us. with the recent fiasco but it has nothing to do with the server hashing passwords (which it does, your passwords are hashed and salted). All Growtopia passwords are stored as plain text; this is why hacking an account in Growtopia is incredibly easy compared to a Steam account, Google account, etc. I understand your concern esp. Yet Growtopia does not have this feature. Literally every app that stores passwords locally on your device stores them as hashes. This makes it IMPOSSIBLE for anyone to get your password even if they get your save.dat; all they are getting is your hash rather than your password. A hash is a function that converts data into another form of data that cannot be reversed. Whenever an account's information and password are stored on a device, that password is actually stored as a hash rather than plain text. Passwords still need, in some way or shape, to be converted into the actual password you typed to be validated; hashes make it impossible to do that, and if your password is even somewhat common it can be easily cracked, and having any sort of key on the client makes it vulnerable to reverse engineering. You, as a user, when you switch accounts, need to edit the password, so that implies that the password needs to be encrypted in the client itself and be editable both online and offline, which means the client needs to have a copy of the key the password is encrypted with, which makes it vulnerable, because in order to obtain the same output after decryption the server also needs to decrypt it with the same key as the client and validate that. OK, hashes are one way, but what if an encrypted password is saved both to the server and to the local save.dat?
This is actually more complicated than it sounds. First, looking at how hashing works, it is a one-way process: once something is hashed it cannot be de-hashed back to its original state, and hashes of different inputs can be the same and collisions can appear, as they are fixed-size. Once you have the hash and the hashing algorithm, you can actually generate many common possible hashes for known inputs and check if any of those hashes match the one in save.dat. There are a lot of combinations possible, but it is not impossible to crack, as many passwords have common syntax; you have to have an ultra-uncommon password with many special characters.