Up to Main Index Up to Journal for July, 2013 JOURNAL FOR MONDAY 22ND JULY, 2013 ______________________________________________________________________________ SUBJECT: Procrastinating... more on that later... DATE: Mon 22 Jul 19:23:29 BST 2013 So it's still sweltering hot with daily temperatures around 30°C. Can't focus, tired, too hot to sleep at night, start waking up as the evening cools down so don't want to sleep anyway. Now why the heck would anyone want to read through all of this journal entry? Well, I've just pushed out changes to the public dev branch which will let you safely put a WolfMUD server on the internet, but it will only be by invitation for now - I haven't quite finished all the code and you have to manually create the player files... First of all a note about some changes. I've wrapped long lines and marked them with a '→' to show this in the example that follow. File names are assumed to all have a .wrj extension. People have asked if I can do anything about my plans to use a SHA512 hash as a player's file name and password - as they are a bit long. For example with a player's name of 'test' we have a file name of: ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db2→ 7ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff.wrj This is 128+4 characters long. This is the hash encoded as hex which is only 50% efficient. So I've swapped to using Base64 encoding which now gives us: xu6eM89cZxWh0Uj9c_cxiIS0Gty5FgIeK8DoAKXF3Zf1→ FCF49q6IyP3Zjhr7DOTI0sVLXzezC32hmXuzOwuKMQ==.wrj This is roughly a third of the size at only 88+4 characters long and about 75% efficient. However for the hex encoding you could use the command line: echo -n "test" | sha512sum - For the Base64 encoding you can't just do: echo -n "test" | sha512sum - | base64 That gives us a wrong result which is 176+4 characters long: ZWUyNmIwZGQ0YWY3ZTc0OWFhMWE4ZWUzYzEwYWU5OTIz→ ZjYxODk4MDc3MmU0NzNmODgxOWE1ZDQ5NDBlMGRiMjdh→ YzE4NWY4YTBlMWQ1Zjg0Zjg4YmM4ODdmZDY3YjE0Mzcz→ MmMzMDRjYzVmYTlhZDhlNmY1N2Y1MDAyOGE4ZmYgIC0K.wrj This is because we are Base64 encoding the hex encoding of the SHA512 hash. What we actually want to do is Base64 encode the raw SHA512 hash. A little go will do this for us: package main import ( "crypto/sha512" "encoding/base64" "io" "os" ) func main() { h := sha512.New() io.WriteString(h, os.Args[1]) println(base64.URLEncoding.EncodeToString(h.Sum(nil))) } To use it we simply call it with the plain text to hash: go run base64.go test Which outputs a string of: 7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc_iBml1JQODbJ→ 6wYX4oOHV-E-IvIh_1nsUNzLDBMxfqa2Ob1f1ACio_w== Or for the password field in the player's file we concatenate the salt and password together. So for a salt of 'heep1Biec0Oo' and a password of 'test' we would get the hash using: go run base64.go heep1Biec0Ootest Which outputs: VMshONOiwm-32cxqpDEszHnU4xJiLL5VSTjJ-kapTqFU→ KXtQMDNDfc1aftOJ2DrPxjXbDJEwpwjZJ1qHk-DtTQ== When we create a player for testing we can chop the Base64 encoded hash in half to keep the formatting neat. To complete this example for player 'test' and password 'test' we have a file called: 7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc_iBml1JQODbJ6→ wYX4oOHV-E-IvIh_1nsUNzLDBMxfqa2Ob1f1ACio_w==.wrj With the following content: Name: test Salt: heep1Biec0Oo Password: VMshONOiwm-32cxqpDEszHnU4xJiLL5VSTjJ-kapTqFU KXtQMDNDfc1aftOJ2DrPxjXbDJEwpwjZJ1qHk-DtTQ== For completeness the Salt value is random and I generate them on the command line using this command[1] where the 12 is the length of the salt to generate: pwgen -nyc 12 In summary: 1. Generate filename using result of "go run base64.go player-name" 2. Create a file in the data/players directory using generated filename from step 1 and an extension of .wrj 2. Copy and paste the result of "go run base64.go saltpassword" into the file you just created in step 2. 3. Edit file to have Name, Salt and Password entries. It is a lot of messing around but some people can't wait for the code :( -- Diddymus [1] The pwgen package is available for Debian in their repositories. However any random salt can be used. Up to Main Index Up to Journal for July, 2013