I tried to investigate this, but there were still unanswered questions. I studied how an 8-character password turns into a high-bit encryption key. During my research, I found articles that talked about the value of salt.
Suppose you can get all 256 characters for the game, then the 8-digit password will be 64 bits long. So the remaining 64 bits are just the salt value. And, correct me if I'm wrong, but it is done so that if someone tries ALL possible values (brute force), they will have to try all 128 bits, since then even the salt is unknown.
My questions really refer to this salt meaning:
- When someone makes a bid, is the salt value hardcoded? And if so, is it impossible to obtain it by reverse engineering the executable?
- If the salt is generated randomly, I assume that it should somehow duplicate it. So, isn't this function returning a random salt, which could be reverse engineered to make it duplicate itself to get the salt value?
- It may be out of scope, but if the salt value is generated on the server side (client / server relations), then is it necessary to share it with the client so that they can decrypt the data sent by the server? And, if it is sent to the client, is it possible to intercept it, which makes it useless?
- , "salt", 8- ?
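How a randomly generated salt is commonly handled, as an added example that is not part of the original post: the salt is created once per password, stored unencrypted next to the protected data, and read back to re-derive the same key. PBKDF2-HMAC-SHA256, the iteration count, the `key-check` label and the `salt || tag` header layout are assumptions chosen for this sketch.

```python
import hashlib
import hmac
import os

SALT_LEN = 16          # 128-bit random salt, stored in the clear (assumed size)
KEY_LEN = 16           # 128-bit derived key
ITERATIONS = 100_000   # assumed work factor for this sketch


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch a short password into a fixed-length key with PBKDF2."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, KEY_LEN
    )


def key_check(key: bytes) -> bytes:
    """Tag that lets unlock() tell whether the re-derived key is the right one."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def protect(password: str) -> bytes:
    """Return a header of salt || tag. The salt is random but not secret."""
    salt = os.urandom(SALT_LEN)
    return salt + key_check(derive_key(password, salt))


def unlock(password: str, header: bytes) -> bool:
    """Read the salt back out of the header and re-derive the key from it."""
    salt, tag = header[:SALT_LEN], header[SALT_LEN:]
    return hmac.compare_digest(key_check(derive_key(password, salt)), tag)


if __name__ == "__main__":
    pw = "hunter22"  # constructed 8-character sample password
    h1, h2 = protect(pw), protect(pw)
    # Same password, different salts: the stored headers do not match, so one
    # precomputed password-to-key table cannot be reused across both records.
    print("headers differ:", h1 != h2)
    # The salt needed to re-derive the key travels with the data in the clear.
    print("correct password:", unlock(pw, h1))
    print("wrong password:  ", unlock("hunter23", h1))
```

The only secret input to the derived key is the password; the salt sits in the header for anyone holding the data to read.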