Poll

Would you be interested in a server?

Yes, and I currently use a hosting service
11 (8.8%)
Yes, and I currently do not use a hosting service
57 (45.6%)
No, and I currently use a hosting service
5 (4%)
No, and I currently do not use a hosting service
22 (17.6%)
I don't host
30 (24%)

Total Members Voted: 125

Author Topic: Glass Hosting Development  (Read 20245 times)

so from what i understand

menu connects to blockland over a TCP connection
menu asks for a username
blockland creates an expected hash from the username (if it exists), and the password sha1 hash (which i don't trust. at all. i'd rather use an external script to do all of this over sha256)
and if it works they get in etc etc blah blah, hash is sent with each command
Well, if you read it, it's more that it first hashes the password, then it hashes that together with other variables to make another hash. To guess the password is almost impossible. Also, this system is only there to make sure that, each time you send a request, the content hasn't been tampered with and that you are who you claim you are. As it says in the wiki:
These enhancements are designed to protect against, for example, chosen-plaintext attack cryptanalysis.
Yes, sha-1 is not a secure hash anymore, but when did you care about security in Blockland? It is also worth noting that even if it's insecure as it is broken, you still cannot decrypt it and need to guess what the hash contains by looking in a rainbow table.

For instance, as I mentioned earlier, I made a different way to handle this to add more randomness:
First you get the variables from the server (please note that I used JSON for communication):
Code:
{
"nonce" : "346gw3e6hw3h6se5h6",
"opaque" : "90834g6908w3609g"
}
Then the client responds:
Code:
{
"username" : "YourName",
"algorithm" : "sha1",
"nonce" : "346gw3e6hw3h6se5h6",
"nc" : "00000001",
"cnonce" : "8s3498",
"opaque" : "90834g6908w3609g",
"response" : "59e7b54eeef1a5d84aa99d19f3ef5bc6f11f4a8a",
"action" : {"cmd":"dostuff"}
}
So, the client is sending back what the server requested and a bunch of other data that will identify it.
Code:
nonce = Random. It is like a token that is used for this connection
cnonce = Random. Issued by the client as an extra hash
response = algorithm(algorithm(username:password):nonce:nc:cnonce:algorithm(action))
The action is hashed directly like so:
Code:
algorithm({"cmd":"dostuff"})
On the server, the password is saved hashed with the username. It's not perfect, but it will add some sort of security to keep people from tampering with your server without your credentials. And as mentioned earlier, it's almost impossible to guess it unless someone has put it into a rainbow table. The only way to actually try to get into the system is to decrypt one of the response hashes and find the hash for the username and password pair.

If you want, try to guess the password.
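
The request check described in the post above, seen from the server's side, as an added example that is not code from the thread or from Glass Hosting. It assumes fields are joined with a literal ":", the action is serialized as compact JSON with sorted keys, and the server tracks the highest `nc` per nonce; the password `hunter2`, the `shutdown` command and all function names are made up for illustration, while the nonce and opaque values are copied from the post.

```python
import hashlib
import hmac
import json

ALLOWED = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}  # assumed server-side allowlist

def digest(alg, text):
    return ALLOWED[alg](text.encode("utf-8")).hexdigest()

def make_response(alg, ha1, nonce, nc, cnonce, action):
    # Assumption: fields joined with ":", action serialized compactly with sorted keys.
    body = json.dumps(action, separators=(",", ":"), sort_keys=True)
    return digest(alg, ":".join([ha1, nonce, nc, cnonce, digest(alg, body)]))

class Verifier:
    def __init__(self, stored_ha1):
        self.stored_ha1 = stored_ha1  # username -> algorithm(username:password)
        self.issued = {}              # nonce -> (opaque, highest nc accepted)

    def challenge(self, nonce, opaque):
        self.issued[nonce] = (opaque, 0)  # production values would come from secrets.token_hex()
        return {"nonce": nonce, "opaque": opaque}

    def verify(self, msg):
        alg, state = msg.get("algorithm"), self.issued.get(msg.get("nonce"))
        ha1 = self.stored_ha1.get(msg.get("username"))
        if alg not in ALLOWED or ha1 is None or state is None or msg.get("opaque") != state[0]:
            return "reject: unknown algorithm, user, nonce or opaque"
        try:
            nc = int(msg["nc"], 16)
        except (KeyError, TypeError, ValueError):
            return "reject: bad nc"
        if nc <= state[1]:  # a captured message cannot be sent twice
            return "reject: replayed nc"
        want = make_response(alg, ha1, msg["nonce"], msg["nc"],
                             str(msg.get("cnonce")), msg.get("action"))
        if not hmac.compare_digest(want.encode(), str(msg.get("response")).encode()):
            return "reject: bad response"
        self.issued[msg["nonce"]] = (state[0], nc)
        return "ok"

def demo():
    ha1 = digest("sha1", "YourName:hunter2")  # constructed sample credentials
    v = Verifier({"YourName": ha1})
    ch = v.challenge("346gw3e6hw3h6se5h6", "90834g6908w3609g")
    msg = dict(ch, username="YourName", algorithm="sha1", nc="00000001",
               cnonce="8s3498", action={"cmd": "dostuff"})
    msg["response"] = make_response("sha1", ha1, msg["nonce"], msg["nc"], msg["cnonce"], msg["action"])
    forged = dict(msg, nc="00000002", action={"cmd": "shutdown"})  # altered action, old response
    return [v.verify(msg), v.verify(msg), v.verify(forged)]
```

`demo()` sends a valid request, the same request again, and a copy whose action was changed without recomputing the response.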

Some important pieces are coming together




Before you release this, make sure it is 100% bug/exploit free. I'm paranoid about this because of that.

-snip-
To be fair, that's because of its waning resistance to things like collision attacks, which definitely shouldn't be a problem in blockland, especially considering there hasn't even been a single collision ever produced as far as I know. There have been collisions for slightly modified versions of sha1 but the good ol' original seems just fine for use in blockland.

The web panel is coming along.

Can't wait to see progress.

Not to be a stuffstain or anything but the UI doesn't look all too... pretty. And while I recognize it's a prototype and a work in progress, I would ask that you attempt to adhere to Google's material design standards and see how that turns out. Something about those rounded boxes just turns me off.

idk i think the picture he posted looks pretty good

I think that all it really needs to look good from there is a more consistent color scheme. Player, bricks and uptime boxes would probably benefit from just being one color.

yeah, this.
specifically: the status indicators' washed out colors and the text shadow within them makes it look like it was made using powerpoint - the menu on the left looks absolutely fine in my opinion along with the memory and disk usage bars near the bottom (i'm assuming the actual percentage will be added at some point).

Thanks for the input, here's some new semi-mockups:





The benefit of using this framework is having easy mobile/tablet integration, I've tested the site on both and it works naturally.


Okay, damn. That just went from being a 5 to a 10. I'm loving it.

Any approximate price for the servers?