0.9.13m Patch Notes

"
Piranhaz wrote:
Where is *Reverted chat(especially trade chat) back to difficulty locked...

To be honest making any kind of trades is impossible now ingame.Im never in same chat instance as my friends+to make it worse it's now filled with people spamming random crap from lower difficulties.Never seen such a counter-productive patch result... /QQ off

Forums will be the best option regardless.
Current IGN: twitchtvTheuberelite

http://twitch.tv/theuberelite - I stream sometimes.
You can now play without people sniffing up your passwords, hopefully.
"
Added encryption to the game protocol.

That doesn't help if you didn't make major changes.

Hackers simply use an IDA Plugin named patchdiff or got programs such as bindiff.


"
Zoxc wrote:
You can now play without people sniffing up your passwords, hopefully.


I assume it refers to
"Added encryption to the game protocol."

But wait, this was possible before?
Live Stream: https://www.twitch.tv/menthur
Twitter: https://twitter.com/CMenthur
"
exorzist wrote:
"
Zoxc wrote:
You can now play without people sniffing up your passwords, hopefully.


I assume it refers to
"Added encryption to the game protocol."

But wait, this was possible before?
No.
"
But wait, this was possible before?

If somebody could record you packetstream then he could easily aquire all data he needed.

But for such malicious persons will simply check where the data gets decrypted, infect victims via drive by downloads and read the contents from that point, it's just one more step to them.
"
exorzist wrote:
"
Zoxc wrote:
You can now play without people sniffing up your passwords, hopefully.


I assume it refers to
"Added encryption to the game protocol."

But wait, this was possible before?

Yes, and this was made worse by the fact that you couldn't recover accounts using your email address (which you still probably can't do). Now both the website and the game protocol encrypts your password.

You now need to infect the users computer or bribe GGG employees to access users passwords.
"
Zoxc wrote:
"
exorzist wrote:
"
Zoxc wrote:
You can now play without people sniffing up your passwords, hopefully.


I assume it refers to
"Added encryption to the game protocol."

But wait, this was possible before?

Yes, and this was made worse by the fact that you couldn't recover accounts using your email address (which you still probably can't do). Now both the website and the game protocol encrypts your password.

You now need to infect the users computer or bribe GGG employees to access users passwords.


Even if you bribe us you would not be able to get the users password. We don't store them. We store salted multi-round hashes.

In addition, I feel it's slightly misconstrued to say that you could sniff passwords before. What you could sniff before was a hash of the users password (which is what the game client sends and what it stores when you use the Save Password feature).

This means that sniffing the PoE game connection previously would have been enough to steal a Path of Exile account, but that doesn't give away the actual text of your password which you might be using for other things.

In any case, the protocol is encrypted now.
Path of Exile - Lead Programmer
"
Jonathan wrote:
We store salted multi-round hashes.

Sounds delicious
Mmmm, salted multi-round hashes *drools*"

Report Forum Post

Report Account:

Report Type

Additional Info