0.9.13m Patch Notes
" Forums will be the best option regardless. Current IGN: twitchtvTheuberelite
http://twitch.tv/theuberelite - I stream sometimes. |
|
|
You can now play without people sniffing up your passwords, hopefully.
| |
" That doesn't help if you didn't make major changes. Hackers simply use an IDA Plugin named patchdiff or got programs such as bindiff. |
|
" I assume it refers to "Added encryption to the game protocol." But wait, this was possible before? Live Stream: https://www.twitch.tv/menthur
Twitter: https://twitter.com/CMenthur |
|
"No. |
|
" If somebody could record you packetstream then he could easily aquire all data he needed. But for such malicious persons will simply check where the data gets decrypted, infect victims via drive by downloads and read the contents from that point, it's just one more step to them. |
|
" Yes, and this was made worse by the fact that you couldn't recover accounts using your email address (which you still probably can't do). Now both the website and the game protocol encrypts your password. You now need to infect the users computer or bribe GGG employees to access users passwords. | |
" Even if you bribe us you would not be able to get the users password. We don't store them. We store salted multi-round hashes. In addition, I feel it's slightly misconstrued to say that you could sniff passwords before. What you could sniff before was a hash of the users password (which is what the game client sends and what it stores when you use the Save Password feature). This means that sniffing the PoE game connection previously would have been enough to steal a Path of Exile account, but that doesn't give away the actual text of your password which you might be using for other things. In any case, the protocol is encrypted now. Path of Exile II - Game Director
| |
" Sounds delicious |
|
|
Mmmm, salted multi-round hashes *drools*"
|
|
