suggestion for improving password security

Open catAngent opened this issue 1 year ago • 5 comments

When a user creates a new password, store it as a hash. When the user tries to connect to a server, hash the hashed password again and send that double hash to the server.

catAngent avatar Jun 11 '23 19:06 catAngent

SimpleLogin is already doing exactly what you are asking. Not only that, SimpleLogin also utilizes a computationally expensive hash function called Bcrypt with a random salt to further ensure password security.

SeraphJACK avatar Jun 11 '23 22:06 SeraphJACK

Sorry, I didn't notice that you are referring to the client-side storage.

I'm considering that it might be an inconvenience for players who forgot their password and want to view it again.

SeraphJACK avatar Jun 12 '23 01:06 SeraphJACK

Also, I'm expecting that most users would choose a randomly generated password, in which case it doesn't really matter whether it's the plain text that is leaked or the client-side hashed one.

SeraphJACK avatar Jun 12 '23 01:06 SeraphJACK
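
Added example, not part of the thread and not SimpleLogin's code: the scheme proposed in the issue, sketched in Python to show the point made in the comment above, that a client-side hash read from disk works as the login secret. SHA-256 for the client hashes, PBKDF2 standing in for Bcrypt, and all function names are assumptions.

```python
import hashlib
import hmac
import os

# Assumptions (not from SimpleLogin): SHA-256 on the client, PBKDF2 as a
# standard-library stand-in for the server's Bcrypt, hypothetical names.

def client_store(password: str) -> bytes:
    """Value the client keeps on disk under the proposal: a hash of the password."""
    return hashlib.sha256(password.encode("utf-8")).digest()

def client_login_token(stored: bytes) -> bytes:
    """Hash the stored hash again; this double hash is what the server receives."""
    return hashlib.sha256(stored).digest()

def server_register(token: bytes) -> tuple[bytes, bytes]:
    """Server side: keep only a random salt and a slow hash of the token."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", token, salt, 100_000)

def server_verify(record: tuple[bytes, bytes], token: bytes) -> bool:
    """Recompute the slow hash and compare in constant time."""
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", token, salt, 100_000)
    return hmac.compare_digest(candidate, expected)

def login_with_file_contents(record, file_contents: bytes) -> bool:
    """Log in knowing only what is on the client's disk, never the password."""
    return server_verify(record, client_login_token(file_contents))

if __name__ == "__main__":
    password = "constructed-sample-password"  # constructed sample value
    on_disk = client_store(password)
    record = server_register(client_login_token(on_disk))

    # The plain text is neither on disk nor sent over the wire ...
    print("plain text on disk:", password.encode() in on_disk)
    # ... but the file contents alone are enough to authenticate, so the
    # stored hash needs the same protection as the password itself.
    print("login from file contents only:", login_with_file_contents(record, on_disk))
    print("login with wrong value:", login_with_file_contents(record, b"\x00" * 32))
```

What the client-side hash does keep off the disk is the password text itself, which matters when the same password is also used somewhere else.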

I modified your script so every time you open the client, it deletes the .sl_password from the root directory. Encryption would be useful. I also updated it to 1.19.4, so if you have an address to send the package to, I'm happy to send it to you. I'm new to GitHub but not to programming.

Shadowbox0028 avatar Jun 12 '23 18:06 Shadowbox0028

Maybe using the system keychain would be a better choice? (KeyChain, KWallet, ...)

Yesterday17 avatar Jun 13 '23 03:06 Yesterday17