diff --git a/pom.xml b/pom.xml
index 5a25cb2f..2191eead 100644
--- a/pom.xml
+++ b/pom.xml
@@ -30,12 +30,12 @@
org.jruby
jruby-complete
- 1.7.10
+ 1.7.12
com.google.guava
guava
- 16.0
+ 17.0
io.netty
@@ -43,5 +43,10 @@
4.0.15.Final
compile
+
+ com.lambdaworks
+ scrypt
+ 1.4.0
+
\ No newline at end of file
diff --git a/src/org/apollo/io/player/impl/BinaryPlayerLoader.java b/src/org/apollo/io/player/impl/BinaryPlayerLoader.java
index f0e67cc9..6c800da2 100644
--- a/src/org/apollo/io/player/impl/BinaryPlayerLoader.java
+++ b/src/org/apollo/io/player/impl/BinaryPlayerLoader.java
@@ -25,6 +25,8 @@ import org.apollo.security.PlayerCredentials;
import org.apollo.util.NameUtil;
import org.apollo.util.StreamUtil;
+import com.lambdaworks.crypto.SCryptUtil;
+
/**
* A {@link PlayerLoader} implementation that loads data from a binary file.
*
@@ -51,9 +53,12 @@ public final class BinaryPlayerLoader implements PlayerLoader {
String name = StreamUtil.readString(in);
String pass = StreamUtil.readString(in);
- if (!name.equalsIgnoreCase(credentials.getUsername()) || !pass.equalsIgnoreCase(credentials.getPassword())) {
+ if (!name.equalsIgnoreCase(credentials.getUsername()) || !SCryptUtil.check(credentials.getPassword(), pass)) {
return new PlayerLoaderResponse(LoginConstants.STATUS_INVALID_CREDENTIALS);
}
+
+ // set the credentials password to the scrypted one
+ credentials.setPassword(pass);
PrivilegeLevel privilegeLevel = PrivilegeLevel.valueOf(in.readByte());
boolean members = in.readBoolean();
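Review bot: `SCryptUtil.check(credentials.getPassword(), pass)` is called on whatever string the file holds, and files written before this commit hold the password as the old saver wrote it, not an scrypt string. As far as I recall the library throws an `IllegalArgumentException` for a value that is not in its `$s0$` format, so a legacy account would fail with an exception instead of returning `STATUS_INVALID_CREDENTIALS` or being migrated. A guard before the check, such as `if (!pass.startsWith("$s0$")) { /* legacy record: verify once, then let the saver re-hash */ }`, would make that case explicit. The comment on `credentials.setPassword(pass)` could also give the reason, e.g. `// keep the stored hash so the saver writes it back unchanged instead of re-hashing`. The enclosing method starts and ends outside the hunk.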
diff --git a/src/org/apollo/io/player/impl/BinaryPlayerSaver.java b/src/org/apollo/io/player/impl/BinaryPlayerSaver.java
index 825bc3b7..301c2526 100644
--- a/src/org/apollo/io/player/impl/BinaryPlayerSaver.java
+++ b/src/org/apollo/io/player/impl/BinaryPlayerSaver.java
@@ -17,6 +17,8 @@ import org.apollo.io.player.PlayerSaver;
import org.apollo.util.NameUtil;
import org.apollo.util.StreamUtil;
+import com.lambdaworks.crypto.SCryptUtil;
+
/**
* A {@link PlayerSaver} implementation that saves player data to a binary file.
*
@@ -31,7 +33,7 @@ public final class BinaryPlayerSaver implements PlayerSaver {
try (DataOutputStream out = new DataOutputStream(new FileOutputStream(file))) {
// write credentials and privileges
StreamUtil.writeString(out, player.getUsername());
- StreamUtil.writeString(out, player.getCredentials().getPassword());
+ StreamUtil.writeString(out, player.getCredentials().getCryptedPassword());
out.writeByte(player.getPrivilegeLevel().toInteger());
out.writeBoolean(player.isMembers());
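Review bot: `getCryptedPassword()` at the password write may run a full scrypt derivation on every save when the credentials still hold the plaintext, since it does not cache its result; presumably this affects a player who was never loaded from a file. That is deliberately expensive work on whichever thread performs the save, and it produces a different salted string each time. Hashing once and storing the result in the credentials would avoid both. The `import com.lambdaworks.crypto.SCryptUtil;` added in the first hunk of this file also looks unused, because the only visible change here goes through `PlayerCredentials`. The enclosing method starts and ends outside the hunk.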
diff --git a/src/org/apollo/security/PlayerCredentials.java b/src/org/apollo/security/PlayerCredentials.java
index 080eefe5..0b59b030 100644
--- a/src/org/apollo/security/PlayerCredentials.java
+++ b/src/org/apollo/security/PlayerCredentials.java
@@ -2,6 +2,8 @@ package org.apollo.security;
import org.apollo.util.NameUtil;
+import com.lambdaworks.crypto.SCryptUtil;
+
/**
* Holds the credentials for a player.
*
@@ -17,7 +19,7 @@ public final class PlayerCredentials {
/**
* The player's password.
*/
- private final String password;
+ private String password;
/**
* The computer's unique identifier.
@@ -59,6 +61,23 @@ public final class PlayerCredentials {
return encodedUsername;
}
+ /**
+ * Gets the crypted password
+ * @return The password (either the original loaded from file or scrypted)
+ */
+ public String getCryptedPassword() {
+ return password.startsWith("$s0$") ? password : SCryptUtil.scrypt(password, 16384, 8, 1);
+ }
+
+ /**
+ * Sets the player's password
+ *
+ * @param password The player's new password
+ */
+ public void setPassword(String password) {
+ this.password = password;
+ }
+
/**
* Gets the player's password.
*
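Review bot: `getCryptedPassword()` infers whether the field is already hashed from `password.startsWith("$s0$")`, so a plaintext password that begins with those characters would be returned as-is and written to disk unhashed by the saver. Tracking the state explicitly avoids the ambiguity, for example a separate field for the stored hash, which would also let `password` stay `final` instead of being made mutable in the hunk above. The cost parameters in `SCryptUtil.scrypt(password, 16384, 8, 1)` would read better as named constants with a comment on how they were chosen. The Javadoc for `setPassword` should state that the loader passes the stored scrypt string here rather than a plaintext password, because after that call `getPassword()` no longer returns what the client sent.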