Maintenance for the week of September 22:
• NA megaservers for maintenance – September 22, 4:00AM EDT (8:00 UTC) - 10:00AM EDT (14:00 UTC)
• EU megaservers for maintenance – September 22, 8:00 UTC (4:00AM EDT) - 14:00 UTC (10:00AM EDT)
• NA megaservers for maintenance – September 22, 4:00AM EDT (8:00 UTC) - 10:00AM EDT (14:00 UTC)
• EU megaservers for maintenance – September 22, 8:00 UTC (4:00AM EDT) - 14:00 UTC (10:00AM EDT)
Is there an encryption over authentification ? [answer: YES]
Eylith
✭✭✭
From a french topic : http://forums.elderscrollsonline.com/discussion/72377/serieusement-pas-de-cryptage-lors-de-l-authentification
Translate :
Sorry if my translate is bad, and sorry for my broken english.
Translate :
nightwolf93000 wrote:Hi,
I was looking around on TESO network frames, just to make sure my account was secure, and surprise !
There seems to have no encryption when the client send the user and passwd to the server. This is strange, every MMO nowaday have this.
Here is a sample of network frame I catch :
email_address=test&password=test&realm_id=4001&device_id=EA15BA0616DB261A
DD9AA8F82EA5954A50799048D4B2F6F1A9B14B8DBB705AB491C9D47CC196194CEBE15AC17C6AB944
C7751AC6DC7874222B2380CADAF334EA&trusted_machine=1&language=fr
Can I have somes details about this ?
Sorry if my translate is bad, and sorry for my broken english.
"Discuter avec un troll, c’est comme essayer de jouer aux échecs avec un pigeon. Tu as beau être très fort aux échecs, il arrive, renverse les pièces, chie sur l’échiquier et s’en va avec l’air supérieur comme s’il avait gagné." - Anonyme
1
-
KerinKor✭✭✭✭✭
✭On the face of it this seems a devastatingly bad bit of system design, I hope it's not what is being claimed.1 -
GossiTheDog✭✭✭✭✭The traffic should be over SSL (to live-services.elderscrollsonline.com or live-services-eu.elderscrollsonline.com on port 443).0 -
Eylith✭✭✭Everyone make mistake, including the OP. Perhaps the auth security level is just fine. But maybe it's not. What do you think about it ?"Discuter avec un troll, c’est comme essayer de jouer aux échecs avec un pigeon. Tu as beau être très fort aux échecs, il arrive, renverse les pièces, chie sur l’échiquier et s’en va avec l’air supérieur comme s’il avait gagné." - Anonyme0
-
Eylith✭✭✭This is false.
Can you be more explicit ? Some explanation or some screenshots maybe ?
"Discuter avec un troll, c’est comme essayer de jouer aux échecs avec un pigeon. Tu as beau être très fort aux échecs, il arrive, renverse les pièces, chie sur l’échiquier et s’en va avec l’air supérieur comme s’il avait gagné." - Anonyme0 -
GossiTheDog✭✭✭✭✭I tested it, the authentication happens over an SSL (encrypted) connection to live-services.elderscrollsonline.com.0
-
Vlas✭✭✭Performed capture on my system as I logged in.
Could not find anything relating to above. In fact, SSL is involved in most transactions with the launcher except pulling down some of the splash screen content. Even while you are playing the game your information is encoded in SSL.
I dont need to provide screen caps, anyone can download Network Monitor from Microsoft or Wireshark and perform the same function.0 -
Eylith✭✭✭Ok, thank you, I edit the title.Edited by Eylith on April 8, 2014 12:46PM"Discuter avec un troll, c’est comme essayer de jouer aux échecs avec un pigeon. Tu as beau être très fort aux échecs, il arrive, renverse les pièces, chie sur l’échiquier et s’en va avec l’air supérieur comme s’il avait gagné." - Anonyme0
-
ZOS_MichaelServotte✭✭✭✭✭
✭After this thread emerged earlier today, we sent the discussion directly to our security team. I am not a security professional - my background does not provide enough technical knowledge in this matter, so I will quote the answer from our team:
“The game authentication is over encrypted connections. At no time do the users' login details pass across the wire unencrypted. The login services for the game do not accept anything but secure connections.”
However, to avoid any speculation regarding this matter, this thread will not be re-opened.0
This discussion has been closed.