Author Topic: Event_Keypad - Create Keypads with Secure Passwords!  (Read 6762 times)

I read through you "wall-o-text" now and found out an misunderstanding of why a salt is used. Instead of explaining it with my broken english, I'll hand you a link to wikipedia to brief you about the topic:

Salt (cryptography)
Honestly, I wasn't sure what to call it when I first wrote this several years ago, so I just lifted the term from Age of Time and rolled with it. I probably could have changed it since then, but it kinda stuck, and it isn't too far off. I guess going by the article it would be more accurate to call it a "public salt"? There it's listed as a mistake but as discussed already, it suits my purposes pretty well. I don't care too much about passwords being super secure against those with supreme authority on servers, because they can easily package /setBrickPassword and have it take notes if they're so inclined. Super Admins are the ones who get to view the server's salt and consequently transfer saves. It seems sufficient to trust them to keep it secret. And as long as it is secret, it's nearly impossible for end users to reverse engineer passwords.


trying to reverse engineer the salt isnt efficient, esp with how long or short it can be
not just inefficient, but impossible assuming you make it long enough.

Keep in mind this isn't like a password, you can mash on your keyboard and make it "aqwe4uihvrn qw3uil4tgnwsetrkvw45m9lou8ywg io4thke" if you want. That would be physically impossible to reverse when it's hashed.

?
Doesn't protect the password like this does. You can save the bricks to find the password when using that.

Doesn't protect the password like this does. You can save the bricks to find the password when using that.
That and it also requires clients to have it to be able to use i t.

Doesn't protect the password like this does. You can save the bricks to find the password when using that.
Doesn't exactly protect you from people looking over your shoulder though.

Doesn't exactly protect you from people looking over your shoulder though.
What's your point? That's just as much of an issue in real life too, but last I checked at least in real life people couldn't just read your password hashes off any computer. That could even be part of the gimmick, if one so chose.

The "It's a feature" excuse is kinda lame. Like if you're really putting so much work into security and encryption then why is it using bricks that are easily visible to everyone who happens to be standing nearby, as the keys?

The "It's a feature" excuse is kinda lame. Like if you're really putting so much work into security and encryption then why is it using bricks that are easily visible to everyone who happens to be standing nearby, as the keys?
It's a keypad.

If you wanted it to be completely inaccessible to anyone but a select group of people then this isn't the add-on for you.
We don't need keypads in blockland to keep everyone else out forever. There's at least 2 or 3 other solutions for that. Maybe more.

The reason for the encryption is just so people don't cheat by downloading the save. Simple as that.

Doesn't exactly protect you from people looking over your shoulder though.
If you wanted to try and avoid that, you could build the keypad out of 1x1fs and make the buttons not blink when pressed. Or you could provide a handy smoke grenade spawn right next to it. Or just weapons, if damage is enabled. There's really not much else I can do about that though.

The point isn't really for them to have the same purpose as real world keypads: "allow in only a specific set of people". In reality, the possibility of people spying on the password, or slipping through the door by following someone who does have the code, or sharing it with someone untrustworthy, are all unfortunate weaknesses in the system that people tolerate due to cost and/or convenience. In Blockland, you can already achieve that goal in an even more secure way, with things like variable events that check for BLIDs. The point of using keypad events, then, would be to deliberately introduce the same weaknesses as the real world keypad, to add to the gameplay experience in some way. The security of the add-on is just there to prevent an additional weakness introduced by Blockland's events system, which could be considered using meta-game knowledge.

So yeah, "It's a feature".

you could just have the user instead just click a brick, said brick waits for the user to input 4 numbers via chat like /keypad 1234
this way, all that anyone else would see is just you clicking a single brick then granting access, not manually clicking all four numbers

you could just have the user instead just click a brick, said brick waits for the user to input 4 numbers via chat like /keypad 1234
this way, all that anyone else would see is just you clicking a single brick then granting access, not manually clicking all four numbers
See the post above yours.