How secure do you feel regnum is?

[DemonMonger]

I suggest that you use a new account for forums so people do not see your login name..... I said this when regnum was still in beta... but im saying it again, because someone I know got hacked... and lost their account..

[putkonen]

I dont really understand this question but i guess regnum is pretty secure

[amade]

Regnum is never secure as long as DM is running around in it

[ArcticWolf]

No secure at all... Packages aren't ciphered, for instance.

[DkySven]

Not secure I think, but why would somebody hack Regnum?

[Nikor]

Quote:

Originally Posted by asdfghs

Not secure I think, but why would somebody hack Regnum?

For the same reasons people hack other stuff. To gain an advantage, to make money or just for the fun of it. The last reason is actually a very good one as those people tend to report what they found to the developers so they can fix them.

[Nikor]

Quote:

Originally Posted by Xephandor

No secure at all... Packages aren't ciphered, for instance.

What would be the use of that? As far as I can see, the client verifies the local installation every time you start. I guess it computes some kind of hash value for the every file and compares that to the values stored on the server. If there are differences, it downloads the files again, now problem here.

If you think about signing the installation package (windows only, linux users just download the launcher) with some kind of certificate, I never really understood why this would help. I mean, how many people really do think twice if windows says "This file is not signed, it may not be safe" or whatever the real text is, and click on "Run anyway"? And publishing hash values of the installer on the web site doesn't help because if you are able the redirect the download to a site of your own, you can surely adjust the values accordingly. And you wouldn't get past the check/download procedure mentioned above anyway.

Going back to the original question, I think think the only real security issue Regum has is the same that all account-based application/games/web sites have: social engineering. That means getting other people to tell you your account data including the password. This is why there is a bold red text every time you start the game that tells you not to give your password to anyone.

Edit: added a few more thoughts

[Stefan1200]

Quote:

Originally Posted by Nikor

I guess it computes some kind of hash value for the every file and compares that to the values stored on the server. If there are differences, it downloads the files again, now problem here.

Yes, Regnum find changed files very good. But if you write protect the changed file, Regnum shows an error message and start with the changed file without problem. So you can hack files and use them!

[ArcticWolf]

Quote:

Originally Posted by Nikor

What would be the use of that? As far as I can see, the client verifies the local installation every time you start. I guess it computes some kind of hash value for the every file and compares that to the values stored on the server. If there are differences, it downloads the files again, now problem here.

Uhm... Now that I read my reply I made a mistake... Packages were the Packets the client sends to the server to communicate. They're in plain text AFAIK. Ciphered packets would help to make the game more secure.

Sorry, I confused packages with packets (translation to Spanish would be: enpaquetados with paquetes ). My fault.

Quote:

Originally Posted by Nikor

Going back to the original question, I think think the only real security issue Regum has is the same that all account-based application/games/web sites have: social engineering. That means getting other people to tell you your account data including the password. This is why there is a bold red text every time you start the game that tells you not to give your password to anyone.

Edit: added a few more thoughts

Nowadays, it's almost impossible to break security in most of the cases, but there's always a way and it's social engineering. I could get my school's wi-fi lan passkey which was secured with wpa-psk just asking some questions to my teachers. Of course it has nothing to do (and I used it to send some mails ), but you can do the exact same thing to retrive the user and pass from anyone in the game. Unfortunately, this will keep happening because there's a large number of innocent-minded players that trust everyone.

[DemonMonger]

Quote:

Originally Posted by amade

Regnum is never secure as long as DM is running around in it

wrong im your best friend..... I suggest that you use a new account for forums so people do not see yoru login name..... I said this when regnum was still in beta... but im saying it again, because someone I know got hacked... and lost their account..