Capitalization on Blizzard Passwords - Page 3
mewbert
United States291 Posts
| ||
Kralic
Canada2628 Posts
| ||
Blasterion
China10272 Posts
On July 20 2011 03:19 Akill_ wrote:
Looks like Blizzard decided this design decision would inevitably increase their authenticator sales.
joke: they probably have hackers on payroll helping convince authenticator sales too, haha

But it's free.... | ||
Jtn
444 Posts
| ||
Billmaan
7 Posts
On July 20 2011 02:12 ZerGuy wrote:
It's not a major flaw, it's harder to make it ignore the casing. Really. It's one command more. They do it on purpose.

This is the truth. This is not a case of "Blizzard was lazy" or "Blizzard forgot" or even "it's a bug": this must have been a conscious design decision. | ||
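The point made in the post above, that ignoring case takes one extra step and so has to be deliberate, shown as an added example (not part of the original thread and not Blizzard's code): the password is case-folded before it is hashed, both at enrollment and at login. PBKDF2 from Python's standard library stands in for the real verifier scheme, and the function names, iteration count and sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor, chosen only for this illustration


def derive(password: str, salt: bytes, fold_case: bool) -> bytes:
    """Derive the stored verifier; folding case is the one extra step."""
    if fold_case:
        # Normalisation has to happen before hashing: two hashes cannot be
        # compared "case-insensitively" after the fact.
        password = password.upper()
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(password: str, fold_case: bool) -> dict:
    """Create the server-side record for a new account."""
    salt = os.urandom(16)
    return {"salt": salt, "fold_case": fold_case,
            "verifier": derive(password, salt, fold_case)}


def check(record: dict, attempt: str) -> bool:
    """Verify a login attempt with the same policy used at enrollment."""
    candidate = derive(attempt, record["salt"], record["fold_case"])
    return hmac.compare_digest(candidate, record["verifier"])


def distinct_verifiers(spellings, salt: bytes, fold_case: bool) -> int:
    """Count how many different verifiers a set of spellings produces."""
    return len({derive(s, salt, fold_case) for s in spellings})


if __name__ == "__main__":
    spellings = ["Zergling42!", "zergling42!", "ZERGLING42!"]  # constructed samples
    for policy in (True, False):
        record = enroll(spellings[0], fold_case=policy)
        accepted = [s for s in spellings if check(record, s)]
        count = distinct_verifiers(spellings, record["salt"], policy)
        print(f"fold_case={policy}: accepts {accepted}, {count} distinct verifier(s)")
```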
simansh
257 Posts
Really the thing that makes your password the hardest to guess is how long it is, the amount of characters is already pretty large. | ||
KillerPlague
United States1386 Posts
| ||
DuckS
United States845 Posts
| ||
Nagano
United States1157 Posts
| ||
Gheed
United States972 Posts
| ||
Gheed
United States972 Posts
On July 20 2011 03:39 Nagano wrote:
Interesting note: BW bnet1.0 was case-sensitive.

No, original battle.net passwords are not case sensitive, either. I just tested it using Warcraft 3. | ||
Ramuh
Germany238 Posts
I guarantee you that 99,9 % of so-called "hacked" accounts are from keyloggers, phishing sites, trojans and such stuff
http://imgur.com/gallery/YWFLq
substitute viruses with hacks and you're about right

Quick Math: 26 chars, 6 char password length, and assuming you can try 100 passwords per second you 26^6 / 100 / 60 / 60 / 24 = 35 days for bruteforcing a 6(!) char password. And that's assuming Blizzard lets you bombard their servers. | ||
Bobbias
Canada1373 Posts
On July 20 2011 03:14 Glowbox wrote:
As far as I know Blizzard uses the SRP6 protocol (http://en.wikipedia.org/wiki/Secure_remote_password_protocol) for the login.

Thanks for the link, never knew about that (I'm no crypto nerd, but I'm not clueless either). At first glance it looks like a pretty secure system, but like I said at first glance. | ||
TheResidentEvil
United States991 Posts
| ||
Mithriel
Netherlands2969 Posts
Never had one before, and irony is I hardly play WoW anymore which authenticator is most needed for and gave away most of my gold already but ah well. | ||
Triscuit
United States722 Posts
On July 20 2011 03:42 Ramuh wrote:
It doesn't matter. You almost can't bruteforce passwords over network, it just does too damn long. While capitalization doubles the number of possible passwords (well not exactly, but you get the point) bruteforcing it is not an option.
I guarantee you that 99,9 % of so-called "hacked" accounts are from keyloggers, phishing sites, trojans and such stuff
http://imgur.com/gallery/YWFLq
substitute viruses with hacks and you're about right
Quick Math: 26 chars, 6 char password length, and assuming you can try 100 passwords per second you 26^6 / 100 / 60 / 60 / 24 = 35 days for bruteforcing a 6(!) char password. And that's assuming Blizzard lets you bombard their servers.

This guy has the right idea. Just make your password a few letters longer if you're really concerned. That will have a MUCH larger impact on the security of your password from bruteforcing. However, it makes zero difference if you're getting keylogged. | ||
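The arithmetic in the quoted post, extended as an added example (not part of the original thread) to compare what case sensitivity buys against what extra length buys. The 100 guesses per second rate and the 26-letter alphabet are the post's own assumptions; the function names are made up for this illustration.

```python
SECONDS_PER_DAY = 60 * 60 * 24


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly this length."""
    return alphabet_size ** length


def worst_case_days(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Days needed to try every candidate at a fixed online guessing rate."""
    return keyspace(alphabet_size, length) / guesses_per_second / SECONDS_PER_DAY


def length_to_match(small_alphabet: int, big_alphabet: int, length: int) -> int:
    """Shortest length over small_alphabet that covers big_alphabet**length."""
    target = keyspace(big_alphabet, length)
    n = length
    while keyspace(small_alphabet, n) < target:
        n += 1
    return n


if __name__ == "__main__":
    rate = 100  # guesses per second, the figure assumed in the post
    print(f"{'len':>3} {'26 letters':>18} {'52 letters':>22} {'equal strength, no case':>26}")
    for length in (6, 8, 10):
        lower = worst_case_days(26, length, rate)
        mixed = worst_case_days(52, length, rate)
        need = length_to_match(26, 52, length)
        print(f"{length:>3} {lower:>16,.0f} d {mixed:>20,.0f} d {need:>18} letters")
```

For a 6-letter password, mixed case multiplies the search space by 64, and two extra lowercase letters already exceed that.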
FireFish
Denmark228 Posts
| ||
Exempt.
United States470 Posts
So let's go ahead and look at it, Blizzard passwords already use letters, numbers, and symbols. This is already a ton of possibilities and whether there's case sensitivity to add another 26 possibilities or not probably doesn't matter enough to have case sensitivity because either way the searches are somewhat long. Next reason would be that hacking is often resulting from a keylogger not some hacker searching all the possible combinations of your passwords when they have your username. Another reason why this isn't applicable is that hackers don't have a reason to spend time to search your password on Starcraft 2 whether there is case sensitivity or not. This last reason ties in with all the above reasons to make them more sensible and realistic: Having case sensitivity is simply less user friendly thus not having it is much more convenient for Starcraft users. Thus Blizzard probably doesn't see the point in having case sensitivity. Instead of trashing Blizzard who happen to be one of the best gaming companies out there and making assumptions on what you believe is right you should probably just weigh the facts as this topic isn't really important. | ||
schmeebs
United States115 Posts
| ||
dcemuser
United States3248 Posts
On July 20 2011 02:28 Tofugrinder wrote:
case-insensitive passwords and without numbers and signs are just as good as to have your password the same as the login. The password should be _always_ more than 10 characters with small/big letters, numbers and signs. So this is in my opinion a real big problem. For sc2 it might just be bad, but for wow this could end disastrous because people have their account data saved up

I'm fairly certain WoW blocks brute force (and dictionary-based) attempts. If somebody is pounding out even a hundred thousand passwords a second, they're going to deactivate the account. And at 500,000 a second, it would take your entire life to crack a 10 character password through brute force (using all lowercase). Dictionary based attempts are faster, but we're still talking about like a year at least.

On July 20 2011 03:58 schmeebs wrote:
unless you use a password that is not a word and is a jumble of letters/numbers/symbols it being case sensitive or not doesn't really matter, as people have said. If you get your account hacked 99.9% of the time it's because you screwed up, not because some hacker has it in for you.

I would extend that 99.9% to 99.999% honestly. Basically, only people like Totalbiscuit, Reckful, Swifty, and other very notable WoW players would be in danger of these types of attacks. (And even then, it would be easier to specifically target them in other ways) | ||