Unsecure forum account password - Requesting HTTPS access


Tigerious
03-13-2012, 06:28 PM
Dear NGD,

The forum account password and the Regnum Online character password are the same, and that is unsecure. I know that it's easier access for common people who just want to play etc. etc., but the problem is that we send the password in clear text via the HTTP protocol.
What about giving us secure layer access for the identification process? I think it can be easily done and added to your current webserver configuration, and it won't take you as much time as fixing bugs in the game.
It's just a suggestion there...

Regards.

Ashnurazg
03-14-2012, 06:39 PM
I'm requesting that NGD change the password saving method, too. Right now passwords seem to be MD5 hashed.
MD5 is outdated and insecure, even when it's "salted".

There are 5 cryptographic hash functions which are secure for the moment:
RIPEMD-128/256
RIPEMD-160/320
SHA-256/224
SHA-512/384
WHIRLPOOL

DemonMonger
03-15-2012, 02:34 AM
I warned the people and NGD about this when I first looked at these forums years ago.
I told everyone to make a second account just to use on forums.

My main account is banned from the forums due to the duplicate account rule that came later, but that's OK because this one is only for forums (as it should be).

Sometimes we need to let people stumble and make mistakes in life, right?

(Off topic)
The game is good, but it would be GREAT if NGD created a new balance team that knew a lot about their specific characters in all situations.

(On topic)
Several things can be done to make sure we don't get hacked like Gamigo did. If you have any ideas please send them to NGD ASAP.

Phrack
03-15-2012, 08:19 AM
Dear NGD,

The forum account password and the Regnum Online character password are the same, and that is unsecure. I know that it's easier access for common people who just want to play etc. etc., but the problem is that we send the password in clear text via the HTTP protocol.
What about giving us secure layer access for the identification process? I think it can be easily done and added to your current webserver configuration, and it won't take you as much time as fixing bugs in the game.
It's just a suggestion there...

Regards.

mehh

Quick search.. (http://seclists.org/bugtraq/2009/Sep/90)
:closed2:

isgandarli
03-15-2012, 10:14 AM
mehh

Quick search.. (http://seclists.org/bugtraq/2009/Sep/90)
:closed2:

DDOS won't give you anything useful :)

Anpu
03-24-2012, 12:58 PM
Nice one! It should be present on the forums, website and ticket system. It should not be much of a problem to set up; you only need a valid certificate (besides setting Apache to handle it) afaik. NGD cannot have much influence on the core software security of the website / forums / tickets, but they can at least enhance it with HTTPS.