Jump to content

Account security

cynder

By cynder
in Tech and Computers

 Share

Recommended Posts

cynder

cynder

Posted
Posted

Hey guys, I asked this over on the offical RS forums but know one knows anything about it so ill ask here.

 

 

 

I am logging into runescape from a unsecured connection once a week at my collage, and I was wondering if my username and password are being sent in clear text, or if it's cipher text. I would assume it's not since its not a SSL connection, but the Java Applet might encrypt it.

 

 

 

Any idea?

 

 

 

CHeers.

@peterfisher

~ Proud member of Mystic Chaos~

 

Link to comment
Share on other sites
Chris

Chris

Posted
Posted

I doubt it'd be encrypted as you've already connected to the client on the webpage.

 

 

 

It's a bit different than buying things online as you have to submit information, which sends it via a form.

 

 

 

Easiest way to explain it would be...

 

 

 

Buying things online is like sending your details on a letter and sending it through the post. If not encrypted just about anybody (postal workers) in between the send and receive can read the details.

 

 

 

You typing your details into the client directly is like giving your details over the phone. You already have connected point to point and no one else can see/hear your details although you're speaking in plain English.

dwmafianw7.jpg

Notoriously Trollish.

Link to comment
Share on other sites
Makoto_the_Phoenix

Makoto_the_Phoenix

Posted
Posted

Sent over plain text? Why would it be? The Java applet(s) encrypt the data on their own, so there's no real need to fret about it.

Linux User/Enthusiast Full-Stack Software Engineer | Stack Overflow Member | GIMP User
s1L0U.jpg
...Alright, the Elf City update lured me back to RS over a year ago.

Link to comment
Share on other sites
cynder

cynder

Posted
  • Author
Posted
Sent over plain text? Why would it be? The Java applet(s) encrypt the data on their own, so there's no real need to fret about it.

 

 

 

Okay thanks, wasn't sure if the applet(s) encrypted it.

@peterfisher

~ Proud member of Mystic Chaos~

 

Link to comment
Share on other sites
Collective

Collective

Posted
Posted
Buying things online is like sending your details on a letter and sending it through the post. If not encrypted just about anybody (postal workers) in between the send and receive can read the details.

 

 

 

You typing your details into the client directly is like giving your details over the phone. You already have connected point to point and no one else can see/hear your details although you're speaking in plain English.

 

That would imply that buying things online is less secure than logging in to RuneScape, which simply isn't true.

 

 

 

If something is sent over the Internet then one of the "postal workers" (routers) can read it (infact they have to), just like the FBI/MI5/whoever can listen in to phone calls provided they have access somewhere the call is being routed through. Logging in via the java client doesn't create a magical link to the Jagex servers ignoring space and time, everything still goes through atleast a dozen routers between you and the server you're playing on.

 

 

 

The RuneScape client doesn't appear to send passwords in plain text, so they're most likely encrypted/hashed/encoded.

Link to comment
Share on other sites
Chris

Chris

Posted
Posted
Buying things online is like sending your details on a letter and sending it through the post. If not encrypted just about anybody (postal workers) in between the send and receive can read the details.

 

 

 

You typing your details into the client directly is like giving your details over the phone. You already have connected point to point and no one else can see/hear your details although you're speaking in plain English.

 

That would imply that buying things online is less secure than logging in to RuneScape, which simply isn't true.

 

 

 

If something is sent over the Internet then one of the "postal workers" (routers) can read it (infact they have to), just like the FBI/MI5/whoever can listen in to phone calls provided they have access somewhere the call is being routed through. Logging in via the java client doesn't create a magical link to the Jagex servers ignoring space and time, everything still goes through atleast a dozen routers between you and the server you're playing on.

 

 

 

The RuneScape client doesn't appear to send passwords in plain text, so they're most likely encrypted/hashed/encoded.

 

 

 

That's not quite what I meant... I knew I shoulda just left this topic alone. Knowing that at least someone would get anal at me trying to explain things simply.

dwmafianw7.jpg

Notoriously Trollish.

Link to comment
Share on other sites
Collective

Collective

Posted
Posted
That's not quite what I meant... I knew I shoulda just left this topic alone. Knowing that at least someone would get anal at me trying to explain things simply.

 

There's a difference between correcting someone and being "anal." That was actually one of the few posts I've made that aren't anal at all.

Link to comment
Share on other sites
Cruiser

Cruiser

Posted
Posted

Like Collective said, it's most likely hashed/encrypted before being sent from the machine to the login server. Last time I was playing with ethereal I logged into RS while capturing and didn't find my username or pass in the results (though I may have missed it somehow, was just goofing around with it).

 

 

 

You should be fine either way. I seriously doubt someone that's gone so far as compromising a public university machine is after RS login details anyway. :P

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept