I'm writing a game which requires users to log in to their accounts in order to be able to play. What's the best way of transmitting passwords from client to server and storing them?
I'm using Python and Twisted, if that's of any relevance.
+1
A:
The best way is to authenticate via SSL/TLS. The best way of storing passwords is to store them hashed with some complex hash like sha1(sha1(password)+salt) with salt.
FractalizeR
2010-08-29 17:46:18
+1 but i'd recommend 1 round of sha256. sha1 has a problem with collisions, and a collision in the inner sha1() would not be fixed by the outer salt and sha1(). (disclaimer, no one has actually generated a collision for sha1, but its possible to do better than brute force. )
Rook
2010-08-29 17:49:27
A:
If you want plug'n'play solution, use py-bcrypt for storing passwords (http://www.mindrot.org/projects/py-bcrypt/) and SSL/TLS to protect them in transit.
blaze
2010-08-30 06:10:14