xash3d-fwgs icon indicating copy to clipboard operation
xash3d-fwgs copied to clipboard

Published 20 hours ago verified publisher icon FWGS

Protection for sv_password and rcon_password cvars

Open nekonomicon opened this issue 1 year ago • 0 comments

I think need to add some things to protect passwords on server side:

  • fast and hard hashing algorithm(like MurMurHash) with salt.
  • timing attack protection(timingsafe_memcmp from OpenBSD/LibreSSL).
  • additional pause in seconds between authentifications(2 seconds or more, may be tune value via cvar).
  • fail2ban analog.

nekonomicon avatar Dec 11 '22 23:12 nekonomicon