Security enhancement through salting

[FrostyPenguin]

Hey, I just noticed that the passwords are stored in plain-hashed format using sha256.
First off, it's awesome that it doesn't just store them in plain. However, when two users have the same password this results in the very same hash.

That's why in “real” OSes they salt the password. A two digit number that is prepended to the password before hashing and stored in plain alongside the hash is enough to make the system an awful lot stronger 😏.

I'd open a pull request if I was better in Lua programming (I'm a C fanboy). So if someone wants to give this a try before I do (probably not very soon), feel free to do so.

[IgorTimofeev]

Good point, maybe someday this will be added, thanks

[happymimimix]

Hey, I just noticed that the passwords are stored in plain-hashed format using sha256. First off, it's awesome that it doesn't just store them in plain. However, when two users have the same password this results in the very same hash.

That's why in “real” OSes they salt the password. A two digit number that is prepended to the password before hashing and stored in plain alongside the hash is enough to make the system an awful lot stronger 😏.

I'd open a pull request if I was better in Lua programming (I'm a C fanboy). So if someone wants to give this a try before I do (probably not very soon), feel free to do so.

Don't you know that Windows 11 today still store passwords as UNSALTED md4 hash?
Look at enderman's video, he got explanations for this.

Personally, I think salting is way too much to ask for a minecraft operating system.
You really should get Microsoft to salt Windows 11 passwords FIRST before you come here to ask MineOS to implement this feature!