Topics

[Welcome to the forums!]

Welcome to the forums! We're glad to have you here! :) You can register your account here, then feel free to introduce yourself in the Server.Warcraft2.online board & let us know who you are on the server.

1

Server.War2.ru / Archer: Leaving the community

« on: June 16, 2015, 09:23:21 AM »

After having posts removed by lightbringer- in which I was working on a very important topic with tupac and xboi - How to fix passwords being reversible -

I have decided to leave. After I spend the time to try to help the community fix the password problem, and contributed important information that is now deleted, im not going to waste my time fighting with you idiots

iL refuses to make any decisions for his own server because he is SO "democratic", yet he lets dictators rule underneath him and do anything they want with no accountability. Weak.

You guys should have gave me my name back, and let me participate in the community, that way you could at least know what im up to and keep an eye on me, now I will continue to participate but anonymously and probably cause problems instead of contribute.

2

Support Requests / Change PvPGN Encryption to something more secure

« on: June 15, 2015, 04:27:49 PM »

I saw tupac post a thread about this but looks like its gone now.

Here's what I was going to add

From this May 2002 interview with a BNETD developer, he described encryption as the most difficult task in making BNETD, he also admits the encryption is weak (by 2002's standards!)

I dont totally understand what he's saying, but I think he means the War2 Client itself is doing the hashing. If so we wouldnt be able to change it ever...

I'll have to look into it more. If the passwords could be made more secure, that would be good tho .. not a huge priority for a little circa 1995 game server, but other PvPGN servers could benefit from better password security, particularly servers with games like WC3 that require an email address at registration. With databases of emails and passwords leaking, can cause real problems for other PvPGN servers


"Probably the most daunting task was figuring out any part of the protocol that involved encryption. Thankfully, the server works without supporting any of those packet types. But that meant going without passwords on the player accounts. Not having passwords was OK for LAN parties and systems behind firewalls, but some people wanted to allow logins from the Internet. Once we implemented account profiles, it became even more important so that players couldn't destroy each other's ratings.

Thankfully, the hash size was the same as SHA1 and [we were] sent an example hashing function. The hashed password was sent in the plain to the server where it was stored for later logins. We figured out that the login hash used the session key and a random value (actually a timestamp), plus that hashed password, and then hashed it again.

The server performs the same operation and compares the results. It's not the greatest scheme (knowledge of single-hashed password is the same value as knowing the password), but it was good enough for a game server. There was some further complication because the hash is performed in an endian-dependent way and it doesn't use the standard initialization or padding."

3

Server.War2.ru / Lightbringer- is squelching my posts

« on: June 15, 2015, 03:07:37 PM »

Just so everyone knows, Lightbringer- is deleting all my posts whenever I post something he deletes it

4

Server.War2.ru / Introducing WarMapper, a worldwide map of the War2 Community

« on: June 14, 2015, 04:35:52 PM »

Public Service Anoucement from USA~Archer

usa-archer dot com

Check to see if your account has been leaked as a result of the war2.me database leak which was stolen from my PC by a trojan/backdoor. Now it is spreading thru the community and ppl are jacking accounts all over the place.

Change your WAR2 PASSWORDS

this message is stupid and should be changed

War2BNE topic: War2 players. Ensure that the PW you use for warcraft2 is not the same for your important accounts such as Email, paypal, FB etc


First of all it doesnt even say that anyones warcraft 2 password has been leaked, it just says not to use the same as facebook etc.

If i read this, I would say, " well duh" and not change my password


Besides, peoples facebook, paypal etc aren't even at risk BECAUSE NO EMAIL ADDRESSES WERE LEAKED. Hows anyone going to get their paypal account with their war2 password if the database leak doesnt contain their email ...



The only thing that matters is to tell people to check my site to see if their username was leaked, and if it was change their War2 password, thats it its not a big deal

then accounts will stop getting jacked and iwill stop being blamed for them getting jacked when im not the one doing it


ALSO Make sure to read FAQ #5


usa-archer dot com slash faq.php

Sorry to anyone whos accounts got jacked due to database being stolen from my PC, sorry for anyone who took losses as a result of accounts being jacked, sorry for any admin burden this has caused. This tool is my attempt to help make things better.