First of all, no HTTPS.
Second, only an 89-bit password?
What kind of security are you keeping? Do you know that people's passwords can be TRIBBLE without an SSL connection? I use 189-bit passwords, which is past SHA-1, and that's only 160 bits. Created by the NSA.
I know this is just a game, but are there limitations because I haven't :mad: gone gold?
The Legendary Horka Thane
1999 Tribes 1
Infamous TurreNt Camp (if you don't know, you are not Legendary)
Gold doesn't give you much. Priority access, more inventory slots, and priority customer service I think. Password security is the same for every player. It doesn't matter if you spent thousands on the game or nothing.
And have you no sense of a MiM attack? All you need is a sniffer and look for the seq and ack and then can intercept and impersonate, send a rct to the client which is a kill command and take over the session.
Assuming you actually had access to the infrastructure of the person you want to hack and could block further attempts from this person to reestablish a connection - what good would it do you to hijack a connection on layer 4 when the encryption is performed at level 7 with a one way public key?
The NSA already have all your passwords bro. No need to worry.
Noobs to the left, noobs to the right, noobs all over. Hell, I'm the warlord to Protect, hahaha. I'll take down all the hackers and make it safe, through education.
OK, there is a company in the UK called Near field solutions, a device that can scan and grab credit card info, device with a handheld scanner. A virtual pickpocket.
Why am I telling you this here? I'm a gamer and I only care about gamers. Nuff said.
Anyway, I'm developing a solution ....well, can't give all my secrets away, I do want to have a car and home some day.
Google glasses, major threat.
Anyway, I might seem paranoid like the Lone Gunmen in The X-Files, but it's out there, cheap too since it's so obscure. Go to the near field solutions website, the RFC contactless scanners, man, insane.
Learned about it in my classes. Insane.
No they don't. I rotate on a 3-day cycle, monitor all my logs and have a dead zone firewall system: first wall accepts IP and then second wall is IPX with AISC conversion to IP for my interior network, hahaha impregnable :cool:
Session attack. Once you get in and can sniff packets you are looking for the seq and ack between client and server. It's so simple and I'm not gonna tell that here, but if you know anything you know. Then you can impersonate by sending the right ack to the server and then sending a kill to the client with a rct.
Now the server thinks it's you.
So please, https, thanks....gonna game
O.o
This guy is super cereal about the security.... to a VIDEO GAME!!!
Seriously... I would be more worried about having security in my BANK ACCOUNT, not my STO account.
Live on Earth. Work in Space. Play with Dragons. Join the best add on to STO, the Neverwinter holodeck program! Only 14 GPL a month.
Do you seriously think a MITM can take out a game session with TCP hijacking alone? HAH. You also have to have the engine streaming protocol known as well. And it's a protocol of its own. You don't follow it, disconnected!
And no on using SSL on a game connection. I don't want to have to have $50 a month to play it.
Thanks for letting everyone know what security you're using... Great way to advertise you're open for business.
***Disenchanted***
Real Join Date: Monday, 17 May 2010
Yeah, that feels like a red herring to me. Most computers use 8-bit bytes, why use 89 bits for something?
Actually, 89-bit format is used in LFSRs (linear feedback shift registers) for cryptology and stream ciphers. LFSRs have also long been used as pseudo-random number generators.
As far as cryptology goes, 40 and 89-bit LFSRs can be used for fast correlation attacks and provide better analysis (compared to previous methods) of algorithms when applied to very large input datasets.
Hey...don't look at me that way! You asked! :P
My initial post was just a joke.
Command Officers of the USS Wyvern (from left to right): Aurellia Eshkah (Tactical); Indigo Shae (Engineering); Nysiay Chysiayki (VA, Ship Captain); Jeclia Sek (Science); Vally Mantivour (Security)
I demand 69-bit security nowz!
:P