Up to Main Index Up to Journal for July, 2013
JOURNAL FOR MONDAY 22ND JULY, 2013
______________________________________________________________________________
SUBJECT: Procrastinating... more on that later...
DATE: Mon 22 Jul 19:23:29 BST 2013
So it's still sweltering hot with daily temperatures around 30°C. Can't focus,
tired, too hot to sleep at night, start waking up as the evening cools down so
don't want to sleep anyway.
Now why the heck would anyone want to read through all of this journal entry?
Well, I've just pushed out changes to the public dev branch which will let you
safely put a WolfMUD server on the internet, but it will only be by invitation
for now - I haven't quite finished all the code and you have to manually
create the player files...
First of all a note about some changes. I've wrapped long lines and marked
them with a '→' to show this in the example that follow. File names are
assumed to all have a .wrj extension.
People have asked if I can do anything about my plans to use a SHA512 hash as
a player's file name and password - as they are a bit long. For example with a
player's name of 'test' we have a file name of:
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db2→
7ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff.wrj
This is 128+4 characters long. This is the hash encoded as hex which is only
50% efficient. So I've swapped to using Base64 encoding which now gives us:
xu6eM89cZxWh0Uj9c_cxiIS0Gty5FgIeK8DoAKXF3Zf1→
FCF49q6IyP3Zjhr7DOTI0sVLXzezC32hmXuzOwuKMQ==.wrj
This is roughly a third of the size at only 88+4 characters long and about 75%
efficient. However for the hex encoding you could use the command line:
echo -n "test" | sha512sum -
For the Base64 encoding you can't just do:
echo -n "test" | sha512sum - | base64
That gives us a wrong result which is 176+4 characters long:
ZWUyNmIwZGQ0YWY3ZTc0OWFhMWE4ZWUzYzEwYWU5OTIz→
ZjYxODk4MDc3MmU0NzNmODgxOWE1ZDQ5NDBlMGRiMjdh→
YzE4NWY4YTBlMWQ1Zjg0Zjg4YmM4ODdmZDY3YjE0Mzcz→
MmMzMDRjYzVmYTlhZDhlNmY1N2Y1MDAyOGE4ZmYgIC0K.wrj
This is because we are Base64 encoding the hex encoding of the SHA512 hash.
What we actually want to do is Base64 encode the raw SHA512 hash. A little go
will do this for us:
package main
import (
"crypto/sha512"
"encoding/base64"
"io"
"os"
)
func main() {
h := sha512.New()
io.WriteString(h, os.Args[1])
println(base64.URLEncoding.EncodeToString(h.Sum(nil)))
}
To use it we simply call it with the plain text to hash:
go run base64.go test
Which outputs a string of:
7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc_iBml1JQODbJ→
6wYX4oOHV-E-IvIh_1nsUNzLDBMxfqa2Ob1f1ACio_w==
Or for the password field in the player's file we concatenate the salt and
password together. So for a salt of 'heep1Biec0Oo' and a password of 'test' we
would get the hash using:
go run base64.go heep1Biec0Ootest
Which outputs:
VMshONOiwm-32cxqpDEszHnU4xJiLL5VSTjJ-kapTqFU→
KXtQMDNDfc1aftOJ2DrPxjXbDJEwpwjZJ1qHk-DtTQ==
When we create a player for testing we can chop the Base64 encoded hash in
half to keep the formatting neat. To complete this example for player 'test'
and password 'test' we have a file called:
7iaw3Ur350mqGo7jwQrpkj9hiYB3Lkc_iBml1JQODbJ6→
wYX4oOHV-E-IvIh_1nsUNzLDBMxfqa2Ob1f1ACio_w==.wrj
With the following content:
Name: test
Salt: heep1Biec0Oo
Password: VMshONOiwm-32cxqpDEszHnU4xJiLL5VSTjJ-kapTqFU
KXtQMDNDfc1aftOJ2DrPxjXbDJEwpwjZJ1qHk-DtTQ==
For completeness the Salt value is random and I generate them on the command
line using this command[1] where the 12 is the length of the salt to generate:
pwgen -nyc 12
In summary:
1. Generate filename using result of "go run base64.go player-name"
2. Create a file in the data/players directory using generated filename from
step 1 and an extension of .wrj
2. Copy and paste the result of "go run base64.go saltpassword" into the
file you just created in step 2.
3. Edit file to have Name, Salt and Password entries.
It is a lot of messing around but some people can't wait for the code :(
--
Diddymus
[1] The pwgen package is available for Debian in their repositories. However
any random salt can be used.
Up to Main Index Up to Journal for July, 2013