
#16 [en]

Damn, now I can't login to the game. What a "smart" action to cause even more wreckage. Why can't you just allow me to enter and THEN ask to change the password? Do you honestly think I remember the mail I used to register a few years ago? (not even sure if I will be able to remember the password of this mailbox or that it exists). Are

On a side note, if we speak about security! THIS FORUM does not even use https. So what? Just a single connection over open wi-fi and it turns out you send your password over the air, well-visible to everyone. Don't you mind at least using HTTPS to make it a bit more secure? Sure, HTTPS is crap but it is better than just shouting the password in cleartext into the open air, isn't it?!

And bittymacod, his screen shows a password cracker which has successfully recovered the password. You see, DES uses a 56-bit key so it can be brute-forced on a modern GPU in foreseeable time, no matter what. Using DES in 2014? Makes no sense at all - DES can't protect anyone from anything these days. On the other hand it's quite slow.

UPD: found a way to change it w/o the e-mail crap. On a side note, you can't enter any complex password: the form only allows 8 alphanumeric chars. Not even spaces. Ouch.

Last edited by Nixus (10 years ago)

#17 [en]

Nixus (atys)
Damn, now I can't login to the game. What a "smart" action to cause even more wreckage. Why can't you just allow me to enter and THEN ask to change the password? Do you honestly think I remember the mail I used to register a few years ago? (not even sure if I will be able to remember the password of this mailbox or that it exists).
You can still login to the billing account with your old password and change both your password and email there.
Nixus (atys)
On a side note, if we speak about security! THIS FORUM does not even use https. So what? Just a single connection over open wi-fi and it turns out you send your password over the air, well-visible to everyone. Don't you mind at least using HTTPS to make it a bit more secure?

Yep, HTTPS should be used (and forced) for the forum, but also for the API, the game login-system (yes, it uses HTTP), etc.
Nixus (atys)
Sure, HTTPS is crap but it is better than just shouting the password in cleartext into the open air, isn't it?!

No, HTTPS isn't crap. A properly configured HTTP server will protect the communication in a very effective way. The only "bad" thing about it is inherent to the X.509 certificates, which have to be trusted by CAs (which is a problem); and DANE seems to be a good future solution to this CA issue.
Nixus (atys)
And bittymacod, his screen shows a password cracker which has successfully recovered the password. You see, DES uses a 56-bit key so it can be brute-forced on a modern GPU in foreseeable time, no matter what. Using DES in 2014? Makes no sense at all - DES can't protect anyone from anything these days. On the other hand it's quite slow.

Yes, hashcat recovered the 8-character password in one minute.
Nixus (atys)
UPD: found a way to change it w/o the e-mail crap. On a side note, you can't enter any complex password: the form only allows 8 alphanumeric chars. Not even spaces. Ouch.

That's a problem from crypt(3) with DES: it considers only the first 8 bytes of the password.

---

Markanjio di Segafredo
Alkiane
Noble Gardien des Matis - Noble Matis Guardian
Fléau de l'Empire - Scourge of the Empire

#18 [en]

I love how there are several people talking about this breach, in forums and in game, several requests are made, concerns being raised, etc.

The "Communication Manager" (and I need bigger quotation marks for that title) is meanwhile busy posting about ingame events, not even a word here that "we are looking into your requests". Not even going through the motions of pretending to address anything.

The first player request was made within minutes after the thread was created. There have been three days, enough to a) translate to French what people are saying, b) discuss the issues roughly, and c) give an answer, even if partial. My requests still stand, btw.

p.s. Thank you Markanijo and Karu for the details you provided.

---

#19 [en]

Markanjio (atys)
You can still login to the billing account with your old password and change both your password and email there.
Well, the client has an "Edit Account" button and that one worked for me. At first glance it leads to this URL.
Yep, HTTPS should be used (and forced) for the forum, but also for the API, the game login-system (yes, it uses HTTP), etc.
Not sure it should be forced, but at least it should be offered by default to minimize leaks due to sniffing in networks (especially open wi-fi).
No, HTTPS isn't crap. A properly configured HTTP server will protect the communication in a very effective way. The only "bad" thing about it is inherent to the X.509 certificates which have to be trusted by CAs (which is a problem);
The problem is really multi-fold. First of all, SSL and TLS are horribly over-engineered, use a ton of legacy crap and offer a load of options (including insecure stuff). This makes libs complicated. This makes APIs complicated. This makes usage complicated. As a result it is really hard to use SSL or TLS properly. This dooms us to face countless bugs in libs. Heartbleed being the most famous ofc, and it should not exist here in the 1st place. Not even as a bug in a lib, but as a protocol feature. An overcomplicated protocol is doomed to have a ton of implementation bugs. Then there is legacy stuff, different lib defaults and so on. Do you know what encryption algo is being used when you call a lib to do SSL for you? Ahh, it requires some extra expertise in the area? While most app devs can't distinguish DES from RC4. Now you can guess how secure it would be in practice. Half of the "secured" programs using SSL do not even bother to check the certificate fingerprint and whether it changed since last time, and ignore all errors. Needless to say, a MITM can just replace the cert and nobody will notice anything half of the time. You'll have a "secure" connection ... to the wrong server.

DNS security is crap as well. It is not going to work. Think about one simple fact: we can't stop the use of classic DNS in the foreseeable future. This means a MITM can try to downgrade it to "usual" DNS and hijack it. I do not see how you can completely prevent it without breaking compatibility with classic DNS or app-level hacks with some a priori knowledge. Not to mention DNS is centralised (== easy to hijack if you've got some power).

And then any CA can issue a certificate for literally anything. Some CAs were already abusing this fact by issuing wildcard certificates to sniff SSL traffic by intrusion detection systems and authorities. Then there were some hackers (ComodoHacker, etc). Theoretically an app can remember the fingerprint of the certificate used to talk to the server before and alert the user if it changes. Yet very few apps implement this technique. Not even browsers. I have only seen it in Pidgin. Which is noteworthy, but it's literally the single program on the planet I've seen which actually cares about unexpected changes to the server certificate.

So basically IMO you can't expect adequate security from SSL or TLS if you're an average Joe or an app dev who wants a "secure connection". And thinking you're secure when you're not is really bad. However, sending the password as clear text over the air, etc could be even worse. And while you can implement something better in the game client, it's not like you can fix all browsers on the planet. So yep, we have this crap and it is not easy to fix.
That's a problem from crypt(3) with DES: it considers only the first 8 bytes of the password.
The crypt() password scheme is ancient/defective. Linux and most BSDs moved away to better password schemes ages ago. IMO the best thing you can try as password hashing these days is something like scrypt or Catena. Catena can be interesting as a hash because it can require the client to do a relatively heavy proof-of-work computation without forcing the server to do the same. This way the hash is resource-heavy to bruteforce (both over the network and locally), parallel bruteforce turns out to be a memory hog/ASIC-unfriendly, however, the server can quickly check if the client's response is valid or not as it only does the last phase of the split computation. Local bruteforce takes both computations and so you can't quickly bruteforce a password -> hash match. A user would not mind a 1 second delay at login. However a bruteforce speed of 1 password per second could make h@x0rz unhappy about it :)

#20 [en]

Nixus (atys)
So basically IMO you can't expect adequate security from SSL or TLS if you're an average Joe or an app dev who wants a "secure connection". And thinking you're secure when you're not is really bad.
I totally agree on the fact that the current SSL/TLS implementations are very hard to use. OpenSSL isn't called OpenSSHELL for nothing, for I used it in the past I can guarantee it. Talking about it, that's the reason why we should support LibreSSL, I'm pretty sure the OpenBSD guys will offer us something decent.

However, only a limited range of developers have to deal with the OpenSSL/GnuTLS/whateverSSL madness. The main (and almost only) use case I can see is when you have to re-implement a protocol which will be secured by SSL/TLS. For example when writing an HTTP/IMAP/POP/IRC/WhateverElse server or a library; and when you are writing such things you're not a lambda app dev. When you're an average developer and you want to use HTTP and/or HTTPS, you use a library which provides it and therefore you don't have to call a single OpenSSL function yourself. All you need is some basic knowledge about how SSL/TLS works and, given the adequate learning resources, it should be a matter of days studying. Same thing for the system administrators: all they need is to know how to configure their server properly (e.g. managing certificates, choosing the correct cipher suites, setting HSTS if relevant and so on).

That said, I would agree on the fact that it's not easy for a simple user to know whether or not the communication is secured. For years now we simply told them "if you can see the padlock, then it's secure", which is a false statement because too many incompetent sysadmins have absolutely no idea how to configure a server. For example, secure.ryzom.com hadn't been updated for years and was absolutely not "secure" until, under pressure, VL replaced it with a new one with an acceptable configuration. In my opinion, if every sysadmin were competent, users should just have to trust the little padlock icon.

Nixus (atys)
IMO best thing you can try as password hashing these days is something like scrypt or Catena.
Hum, I have never heard about it. Has it been reviewed/audited by independent security researchers?

---

Markanjio di Segafredo
Alkiane
Noble Gardien des Matis - Noble Matis Guardian
Fléau de l'Empire - Scourge of the Empire

#21 [en]

I still want an answer to my questions.

Are you going to implement a different mechanism for password encryption? Are you going to allow us to have longer passwords? Did you notify inactive players via e-mail? In short, if another attack happens and is successful, will you be better prepared?

---

#22 [fr]

Mjollren (atys)
I still want an answer to my questions.

Are you going to implement a different mechanism for password encryption? Are you going to allow us to have longer passwords? Did you notify inactive players via e-mail? In short, if another attack happens and is successful, will you be better prepared?

https://bitbucket.org/ryzom/ryzomcore/issue/206/change-the-hash-method-used-to-store

---

#23 [en]

Your whole site/game needs to be under https.

As a note, SSL certificates using sha1 will no longer be recognized with the new version of Chrome coming out next year.

sha1 has been broken for 4 years that I know of.

Myself, I have to get a new cert that uses sha2 for my sites so Chrome will accept the SSL.

Sounds more like SQL injection got you, nothing to do with the SSL cert.
I hope you have that covered, but it sure sounds like you don't.

Edited 2 times | Last edited by Gelaz (9 years ago)

#24 [fr]

Ey Up Toons!

Tell you what's funny ...
Tickling Yubo's is funny;
Seeing if you can outrun a Kincher is funny (whilst rubber banding);
And listening to the rants of everyone is hilarious!

2 weeks before this breach occurred, no one had anything to say about "how poor the authentication is, nor how poor DES is" but, following a breach which is reported to have affected 1% (and hasn't been proven to be any more than 1% that I know of) suddenly the critics ignite and the forum posts start flying.

Even more bizarrely, screenshots get posted showing people (that possibly didn't already know) how to start password cracking themselves. Very weird!!

IMO, this started as an announcement (that didn't mean any particular account had been breached) but all the follow-on comments haven't done much apart from increase the risk of future breaches.

How cool is that?!? :-)

---

Everyone has an opinion, and of course is entitled to have one, but others are equally entitled to decide whether they choose to agree or disagree. Acting like a complete Muppet isn't likely going to change minds or win support :)

#25 [fr]

Oh, so, after many years since my forum posts complaining about Ryzom security issues (and no one caring), you all awaken...

Better late than never.

---

Gilgameesh
Legion of Atys

#26 [fr]

All a matter of how you see things I guess.

Taking your point (and I don't mean to sound flippant) but if you 'genuinely' had concerns over the security of your account, and didn't feel that your concerns were being taken seriously, then why do you still log in and play a game which (in your mind) would present a risk to the care of your personal information?

My point isn't aimed at anyone in particular, but it sounds a lot like "we have a problem (but not a real one)" until something happens. At which point, Homins get on the back of it and it becomes a burning issue.

It would seem sensible to cancel subs until the issues were addressed and confidence restored, but in a weird way that would be the worst thing to do because cancelling subs would remove (already scarce) funds from the game, hence less funds = less development resource/time/effort. To me that sounds like, I've been shot in my left foot, so I'm going to chop off my right one in protest.

Funny thing 'Homin Nature!' :-)

---


#27 [en]

Bubbason (atys)
All a matter of how you see things I guess.

Taking your point (and I don't mean to sound flippant) but if you 'genuinely' had concerns over the security of your account, and didn't feel that your concerns were being taken seriously, then why do you still log in and play a game which (in your mind) would present a risk to the care of your personal information?

My point isn't aimed at anyone in particular, but it sounds a lot like "we have a problem (but not a real one)" until something happens. At which point, Homins get on the back of it and it becomes a burning issue.

It would seem sensible to cancel subs until the issues were addressed and confidence restored, but in a weird way that would be the worst thing to do because cancelling subs would remove (already scarce) funds from the game, hence less funds = less development resource/time/effort. To me that sounds like, I've been shot in my left foot, so I'm going to chop off my right one in protest.

Funny thing 'Homin Nature!' :-)


You are right, in fact it is 2 years now that I am out of Atys. And I am one that had, 2 years ago, 365 game time played since 2004.
So, you can consider me a true fan and addicted to Atys.

But since the last merge and clean-up of all the stuff, with the Ryzom API developed totally insecure, with the Web App totally insecure (and some other concerns about the merged community), I stopped playing. I unsubbed and went to play another MMO.

Don't misunderstand me, as many people can remember, I love Atys. But as I was the only one pointing at the real problems of the game and was never taken seriously, I could not do anything other than unsubscribe my 2 accounts.

I logged in now just to post here and, because I am a technician with 30 years of experience, I know what to do to protect my data. I change passwords regularly, I use different passwords everywhere, even my written notes are encrypted in my own way. But you have to guarantee security to all the people around, even people that know nothing about computer programming.

I will change the password once I have finished here, and probably it will take a long time before I log in to the Web App another time.

I had "genuine" concerns a very long time ago (you can check the forum if posts are saved somewhere), but no one cared.

I only hope, given a Comodo SSL Certificate is very cheap, that you finally decide to make your sites secure as they were during Nevrax era.

I still am a true fan of Atys and send the best wishes to all of you.

---

Gilgameesh
Legion of Atys

#28 [en]

never mind

Last edited by Bubbason (9 years ago)

---


#29 [en]

OMG.. what i**ot made all fields in the profile mandatory.. Wake up guys.. About Ryzom security there were many posts.. The whole implementation of solving that attack is ridiculous..

Edited 2 times | Last edited by Tiximei (9 years ago) | Reason: Please avoid offensive language even when covering them with **

#30 [en]
Hello,

No passwords are saved without encryption in the database; in effect a salt is used to secure them.

The length and the encryption of the passwords have been changed in the code by Ryzom Core. Once tested and validated, these changes will be applied to Ryzom services.

The improvement of security is an integral part of the Ryzom Roadmap for 2015: https, secure.ryzom.com, passwords.

Last edited by Tamarea (9 years ago)

---

Tamarea
Ryzom Team Manager
(FR / EN / ES)

tamarea@ryzom.com