World of WarCraft login prompt secure?

Tek7 · Dec 31, 2009

Does the World of WarCraft game client send account credentials (username and password) using plaintext or an encrypted method?

I ask because I'll be using free wireless Internet some time over the next few days and would like to log in when I can--but not at risk to my account.

If the game client sends the credentials using plaintext, is there a way to force WoW to send the data through a proxy (like a web browser)?

grimsauce · Dec 31, 2009

Hmmm... I am un-sure of how they do it. But, I very highly doubt that you would have your information stolen. In the event that your account does get stolen, it is incredibly easy to get it returned... at least it was for me. I basically just called blizzard, gave them my secret question, my address, my phone number, and e-mail... then they asked me what I wanted my new password to be. As for character's getting deleted and such... they can restore your items and characters if they get deleted, although that usually takes about a week.

I mean, I realize that what I said isn't a "solution", but hopefully it eases some of your worries?

XionTawa · Dec 31, 2009

Use an authenticator? It creates a 2nd password that changes every 1 min on an external device...

Avesther · Dec 31, 2009

XionTawa said:
Use an authenticator? It creates a 2nd password that changes every 1 min on an external device...

QFT $6, piece of mind, it is worth it. And you can have one authenticator on as many accounts as you have access to.

vibrokatana · Dec 31, 2009

The login name appears to be sent as plaintext while the password is hashed with a one time salt. I wont post the source because it looked like a tutorial to write a bot

Depending on how strong the hashing algorithm is it can take several months to centuries to break it. Due to the salt there is little chance of someone being able to utilize pre generated rainbow tables to reduce the time needed to crack the password. The salt also means that someone can't utilize a replay attack to log in later on.

Tek7 · Jan 1, 2010

vibrokatana said:
The login name appears to be sent as plaintext while the password is hashed with a one time salt. I wont post the source because it looked like a tutorial to write a bot

Depending on how strong the hashing algorithm is it can take several months to centuries to break it. Due to the salt there is little chance of someone being able to utilize pre generated rainbow tables to reduce the time needed to crack the password. The salt also means that someone can't utilize a replay attack to log in later on.

Thank you, sir!

World of WarCraft login prompt secure?

Tek7

CGA President, Tribe of Judah Founder & President

grimsauce

New Member

XionTawa

New Member

Avesther

New Member

vibrokatana

New Member

Tek7

CGA President, Tribe of Judah Founder & President

Forum statistics

Share this page