Go Back   Champions of Regnum > English > The Inn

The Inn A place to gather around and chat about almost any subject

Reply
 
Thread Tools Display Modes
Old 03-27-2009, 11:37 AM   #11
Snoid
Master
 
Snoid's Avatar
 
Join Date: Feb 2007
Location: Altaruk :) Posts:31,337
Posts: 446
Snoid will become famous soon enoughSnoid will become famous soon enough
Default

Quote:
Originally Posted by antowen
I would imagine they would only compare the text you type against your own password, not everyone's.
...

Yes, my tests say that they are comparing every chat word you type, against your password. I dont really know how they do it. But it's one of two:
1. they compare plain text with plain text password.
2. they hash every word (every string between spaces) and then compare every result with your hashed password.

And yes, i guess they asume that there are no spaces in the password, and that it's not finished but a dot (.)

In any case, i dont like it.

Regards!
__________________
I'm an outsider, outside of everything...
RAMNA

Elegida Miss Ignis 2009 por votación popular
Snoid no ha iniciado sesión   Reply With Quote
Old 03-27-2009, 12:01 PM   #12
arlick
Duke
 
arlick's Avatar
 
Join Date: Jan 2007
Posts: 3,939
arlick is a jewel in the rougharlick is a jewel in the rougharlick is a jewel in the rough
Default

Quote:
Originally Posted by Snoid
1. they compare plain text with plain text password.
2. they hash every word (every string between spaces) and then compare every result with your hashed password.
1 and 2 are not important, because the comparation is made on client side, so they dont know about your password (you can't know it ever, you just have to believe it), and the server will not get worst doing comparations (so no lag consequences, etc).
__________________
"Nunca un científico ha quemado a un religioso por afirmar a Dios sin pruebas". Manuel Toharia
"uno empieza a darse cuenta que eso de no hacer ejercicio, comer y beber como si fuese la ultima cena y mantener la figura ya no existe...". Maryan

Last edited by arlick; 03-27-2009 at 12:28 PM.
arlick no ha iniciado sesión   Reply With Quote
Old 03-27-2009, 12:22 PM   #13
Snoid
Master
 
Snoid's Avatar
 
Join Date: Feb 2007
Location: Altaruk :) Posts:31,337
Posts: 446
Snoid will become famous soon enoughSnoid will become famous soon enough
Default

Quote:
Originally Posted by arlick
1 and 2 are not importante, because the comparation is made on client side, so they dont know about your password (you can't know it ever, you just have to believe it), and the server will not get worst doing comparations (so no lag consequences, etc).
did you make tests to confirm that? I always asumed that the server was receiving the data, and giving the response, but i never really checked this.
__________________
I'm an outsider, outside of everything...
RAMNA

Elegida Miss Ignis 2009 por votación popular
Snoid no ha iniciado sesión   Reply With Quote
Old 03-27-2009, 12:27 PM   #14
arlick
Duke
 
arlick's Avatar
 
Join Date: Jan 2007
Posts: 3,939
arlick is a jewel in the rougharlick is a jewel in the rougharlick is a jewel in the rough
Default

Quote:
Originally Posted by Snoid
did you make tests to confirm that? I always asumed that the server was receiving the data, and giving the response, but i never really checked this.
Well a friend had the problem with the red letters and i asked to kailer about it. I'm not sure but i think he said something similar . A mix of it a suppositions.
__________________
"Nunca un científico ha quemado a un religioso por afirmar a Dios sin pruebas". Manuel Toharia
"uno empieza a darse cuenta que eso de no hacer ejercicio, comer y beber como si fuese la ultima cena y mantener la figura ya no existe...". Maryan
arlick no ha iniciado sesión   Reply With Quote
Old 03-27-2009, 12:30 PM   #15
Snoid
Master
 
Snoid's Avatar
 
Join Date: Feb 2007
Location: Altaruk :) Posts:31,337
Posts: 446
Snoid will become famous soon enoughSnoid will become famous soon enough
Default

Quote:
Originally Posted by arlick
Well a friend had the problem with the red letters and i asked to kailer about it. I'm not sure but i think he said something similar . A mix of it a suppositions.
so, your friend was using a common word as password, and RO was warning him all the time?

i will make my own tests (mythbusters style)
[lang=es]wireshark al ataque![/lang]
__________________
I'm an outsider, outside of everything...
RAMNA

Elegida Miss Ignis 2009 por votación popular
Snoid no ha iniciado sesión   Reply With Quote
Old 03-27-2009, 12:44 PM   #16
surak
Legend
 
surak's Avatar
 
Join Date: Mar 2006
Location: Oslo
Posts: 2,176
surak has a spectacular aura aboutsurak has a spectacular aura about
Default

Quote:
Originally Posted by Snoid
did you make tests to confirm that? I always asumed that the server was receiving the data, and giving the response, but i never really checked this.
As arlick says, the password check is client-side only.
__________________
Surak Remember... this is just a game! - Xephandor existe y Miriya es su profeta!
surak no ha iniciado sesión   Reply With Quote
Old 03-27-2009, 12:52 PM   #17
Snoid
Master
 
Snoid's Avatar
 
Join Date: Feb 2007
Location: Altaruk :) Posts:31,337
Posts: 446
Snoid will become famous soon enoughSnoid will become famous soon enough
Default

Quote:
Originally Posted by surak
As arlick says, the password check is client-side only.
Confirmed.
Password is stored in memory while the game is running. I didnt see any network trace of the password check.

hint: scan your memory for text "Charactername:" (upper/lower case matters)

Forget everything i said before (in this thread only)

PD: Thanks Surak! Tell Kailer to answer my PM, or i will spam your inbox!
__________________
I'm an outsider, outside of everything...
RAMNA

Elegida Miss Ignis 2009 por votación popular
Snoid no ha iniciado sesión   Reply With Quote
Old 03-27-2009, 05:05 PM   #18
Angel_de_Combate
Banned
 
Join Date: Jan 2008
Posts: 440
Angel_de_Combate is on a distinguished road
Default

Well thanxs everyone for the input, but as for my password ive given out to clan members(very well trusted ones), i periodically change my pass(even though i dont play that often), the person i was giving my pass to is a very close RL friend and i trust him completely, i just wanted him to see what a lvl 50 char was like.
So panic over !!

Look forward to see you all ingame in the future.

P.s Thanxs Kailer for your prompt reply.
P.p.s Yes, Aries point taken, you know about all this stuff better than anyone, ty hun xx.
Angel_de_Combate no ha iniciado sesión   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:58 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
NGD Studios 2002-2024 © All rights reserved