GW logon security question - Guild Wars Forums

ggShaquira · May 10, 2011, 10:29 AM // 10:29

If i use GW on my own laptop, on someone else's wifi connection, can the logon information be captured or is it encrypted?

mario910 · May 10, 2011, 11:53 AM // 11:53

Not rly. Login informations are encrypted in packets.

caballo_oscuro · May 10, 2011, 03:55 PM // 15:55

@ggShaquira: If you use WPA/WPA2 the connection between your laptop and the wireless router is encrypted, and decrypting them would be very difficult. If you're on unencrypted wifi then all packets are in the clear. If guildwars decides to use some further encryption of your login data at the login process, the same way your hotmail/yahoo/gmail uses, it will encrypt your data using ssl which is then further encrypted by your wireless card until it reaches the wireless router. The two levels of encryption would be separate. Read about the ISO OSI reference model. Data can be encrypted potentially at each level of the model.

@mario910: Packets are simply a way of describing how data is broken up into chunks. It doesn't mean that there is any encryption. Encryption is performed by the particular protocol in place, such as https, which uses ssl to encrypt your data which is then broken up into packets either by the TCP or UDP protocols which transport your data, which is encapsulated in Ethernet frames to transport to your router and from there, de-encapsulated in Ethernet frames and then re-encapsulated to be sent down your DSL/Cable/Fibre network your provider gives you. So no, data is not encrypted in packets. Individual packets can contain data which has been encrypted by a protocol using an algorithm.

Draca · May 10, 2011, 04:11 PM // 16:11

@caballo_oscuro even tho a network is wpa2-aes secured you can still arp-spoof if you are the owner or a user on the network that would still allow you to see all traffic on the network.
edit: I'm very sure that gw does not use ssl since the ssl handshake does not show up on a packet capture.

@OP I don't think the connection is highly encrypted but gw does not use a plain text format like http and ftp does. That makes it way harder to get then passwords on the web. That also makes that a attack would have to actively look for gw packets.

mario910 · May 10, 2011, 08:13 PM // 20:13

As Draca said, I meen text in packets is not sent as simple text. Ofc it is possible to read that data from packets (as we saw it in GWLP for eg.) but it is not easy and common person who can capture data packets can't do this.

ggShaquira · May 13, 2011, 06:55 AM // 06:55

I think my question is answered.

I was thinking of using my GW on a hotel network so the owner will not know what to look for in advance.

So i guess i do not run a great risk of getting my account hacked by doing so

Thanks

May 10, 2011, 10:29 AM // 10:29	#1
ggShaquira Ascalonian Squire Join Date: May 2011 Guild: Lowlands Strike Force Profession: E/Mo	GW logon security question If i use GW on my own laptop, on someone else's wifi connection, can the logon information be captured or is it encrypted?

May 10, 2011, 03:55 PM // 15:55	#3
caballo_oscuro Krytan Explorer Join Date: Aug 2008 Guild: Aura	@ggShaquira: If you use WPA/WPA2 the connection between your laptop and the wireless router is encrypted, and decrypting them would be very difficult. If you're on unencrypted wifi then all packets are in the clear. If guildwars decides to use some further encryption of your login data at the login process, the same way your hotmail/yahoo/gmail uses, it will encrypt your data using ssl which is then further encrypted by your wireless card until it reaches the wireless router. The two levels of encryption would be separate. Read about the ISO OSI reference model. Data can be encrypted potentially at each level of the model. @mario910: Packets are simply a way of describing how data is broken up into chunks. It doesn't mean that there is any encryption. Encryption is performed by the particular protocol in place, such as https, which uses ssl to encrypt your data which is then broken up into packets either by the TCP or UDP protocols which transport your data, which is encapsulated in Ethernet frames to transport to your router and from there, de-encapsulated in Ethernet frames and then re-encapsulated to be sent down your DSL/Cable/Fibre network your provider gives you. So no, data is not encrypted in packets. Individual packets can contain data which has been encrypted by a protocol using an algorithm. Last edited by caballo_oscuro; May 10, 2011 at 04:01 PM // 16:01..

May 10, 2011, 04:11 PM // 16:11	#4
Draca Academy Page Join Date: Apr 2011 Location: Sweden Profession: E/	@caballo_oscuro even tho a network is wpa2-aes secured you can still arp-spoof if you are the owner or a user on the network that would still allow you to see all traffic on the network. edit: I'm very sure that gw does not use ssl since the ssl handshake does not show up on a packet capture. @OP I don't think the connection is highly encrypted but gw does not use a plain text format like http and ftp does. That makes it way harder to get then passwords on the web. That also makes that a attack would have to actively look for gw packets. Last edited by Draca; May 10, 2011 at 04:18 PM // 16:18..

May 10, 2011, 11:53 AM // 11:53	#2
mario910 Ascalonian Squire Join Date: Dec 2007 Location: Poland Guild: Wyzsza Szkola Robienia Halasu [WSRH]	Not rly. Login informations are encrypted in packets.

May 10, 2011, 08:13 PM // 20:13	#5
mario910 Ascalonian Squire Join Date: Dec 2007 Location: Poland Guild: Wyzsza Szkola Robienia Halasu [WSRH]	As Draca said, I meen text in packets is not sent as simple text. Ofc it is possible to read that data from packets (as we saw it in GWLP for eg.) but it is not easy and common person who can capture data packets can't do this.

May 13, 2011, 06:55 AM // 06:55	#6
ggShaquira Ascalonian Squire Join Date: May 2011 Guild: Lowlands Strike Force Profession: E/Mo	I think my question is answered. I was thinking of using my GW on a hotel network so the owner will not know what to look for in advance. So i guess i do not run a great risk of getting my account hacked by doing so Thanks