Two Plus Two Publishing LLC Two Plus Two Publishing LLC
 

Go Back   Two Plus Two Poker Forums > >

Notices

About the Forums Here's where you post suggestions about the forums and the software that implements them.

Reply
 
Thread Tools Display Modes
Old 03-20-2009, 09:10 AM   #1
LirvA
self-banned
 
LirvA's Avatar
 
Join Date: Sep 2007
Location: Free Manning, Hammond, and Brown.
Posts: 42,857
hey I have a suggestion. Option to connect and log in securely with https

You guys should add SSL encryption, well an option for it at least. I've come accross forums that have this option, such as the defcon forums. 2+2 is a poker forum, and there's regularly transactions and transfers and stakes discussed in PMs I'm sure, and it would probably help to combat some of the scamming that goes on.

Option for secure login = good IMO
LirvA is offline   Reply With Quote
Old 03-20-2009, 09:22 AM   #2
LirvA
self-banned
 
LirvA's Avatar
 
Join Date: Sep 2007
Location: Free Manning, Hammond, and Brown.
Posts: 42,857
Re: hey I have a suggestion. Option to connect and log in securely with https

... plus you'd be (AFAIK) the only poker forum with https and it would be like a middle finger to the competitors amirite.

It's sort of a luxory. Give yourself something nice 2+2, you deserve it!
LirvA is offline   Reply With Quote
Old 03-20-2009, 09:39 AM   #3
MrWookie
Don't Call Me Shirley
 
MrWookie's Avatar
 
Join Date: Feb 2005
Location: Treating my drinking problem.
Posts: 83,894
Re: hey I have a suggestion. Option to connect and log in securely with https

Please elaborate how https is going to protect people who decide to transfer with 34 post count noobs.
MrWookie is offline   Reply With Quote
Old 03-20-2009, 09:41 AM   #4
diebitter
Grotesquely Handsome
 
diebitter's Avatar
 
Join Date: Mar 2005
Posts: 61,929
Re: hey I have a suggestion. Option to connect and log in securely with https

We'd have to upgrade from hamster to at least a medium-sized dog tho, with the extra overhead of traffic this generates.
diebitter is offline   Reply With Quote
Old 03-20-2009, 10:00 AM   #5
killa
huge dick
 
killa's Avatar
 
Join Date: Oct 2004
Location: NYC
Posts: 18,944
Re: hey I have a suggestion. Option to connect and log in securely with https

Quote:
Originally Posted by MrWookie View Post
Please elaborate how https is going to protect people who decide to transfer with 34 post count noobs.
It would secure the traffic , it wouldn't protect a user persay from a scammer if your dumb enough to fall for that **** there really aint no helping you.
Liv there really hasn't been reports of people intercepting logins and traffic to steal user names and such. While I hate toa gree with DB on anything I'm gonna have to give him the thumbs up here, it would be way to much overhead for this site to handle currently.
killa is offline   Reply With Quote
Old 03-20-2009, 10:20 AM   #6
LFS
emo gaylord
 
LFS's Avatar
 
Join Date: Dec 2004
Location: Doing the deal
Posts: 20,273
Re: hey I have a suggestion. Option to connect and log in securely with https

LFS is offline   Reply With Quote
Old 03-20-2009, 10:56 AM   #7
LirvA
self-banned
 
LirvA's Avatar
 
Join Date: Sep 2007
Location: Free Manning, Hammond, and Brown.
Posts: 42,857
Re: hey I have a suggestion. Option to connect and log in securely with https

his back looks like a tarantulas back. Like a P. Regalis or something.
LirvA is offline   Reply With Quote
Old 03-20-2009, 11:17 AM   #8
LFS
emo gaylord
 
LFS's Avatar
 
Join Date: Dec 2004
Location: Doing the deal
Posts: 20,273
Re: hey I have a suggestion. Option to connect and log in securely with https

I look at that picture and say to myself "That is a simple sloth, it is not capable of smiling or looking satisfied, you are anthropomorphizing it" but I can't make my brain see it as anything other than a happy sloth.
LFS is offline   Reply With Quote
Old 03-20-2009, 12:23 PM   #9
LirvA
self-banned
 
LirvA's Avatar
 
Join Date: Sep 2007
Location: Free Manning, Hammond, and Brown.
Posts: 42,857
Re: hey I have a suggestion. Option to connect and log in securely with https

lol yeah he's just cruisin.

... I still think it's a good idea though fwiw ... you know, if it's doable and won't affect things negatively, it's just one less possible security vulnerability.
LirvA is offline   Reply With Quote
Old 03-20-2009, 12:25 PM   #10
Wetdog
Pooh-Bah
 
Wetdog's Avatar
 
Join Date: Feb 2005
Location: Got FTP$ - enuf for just 1 titty
Posts: 5,248
Re: hey I have a suggestion. Option to connect and log in securely with https

It looks like a flattened, happy wookie face.
Wetdog is offline   Reply With Quote
Old 03-20-2009, 12:26 PM   #11
LirvA
self-banned
 
LirvA's Avatar
 
Join Date: Sep 2007
Location: Free Manning, Hammond, and Brown.
Posts: 42,857
Re: hey I have a suggestion. Option to connect and log in securely with https

lol he is a bit wookieish isn't he.
LirvA is offline   Reply With Quote
Old 05-12-2012, 09:45 AM   #12
LirvA
self-banned
 
LirvA's Avatar
 
Join Date: Sep 2007
Location: Free Manning, Hammond, and Brown.
Posts: 42,857
Re: hey I have a suggestion. Option to connect and log in securely with https

bump!
LirvA is offline   Reply With Quote
Old 05-12-2012, 10:54 AM   #13
AlanBostick
Carpal \'Tunnel
 
AlanBostick's Avatar
 
Join Date: Sep 2002
Location: We're all Lebowskis on this bus
Posts: 8,761
Re: hey I have a suggestion. Option to connect and log in securely with https

(1) Hang a packet sniffer on the Rio's LAN next month.

(2) Slurp up all the 2p2ers' logins and passwords you can.

(3) ????

(4) Profit!
AlanBostick is offline   Reply With Quote
Old 05-12-2012, 11:00 AM   #14
NewOldGuy
Pooh-Bah
 
Join Date: Mar 2009
Location: In the wires
Posts: 4,970
Re: hey I have a suggestion. Option to connect and log in securely with https

The only practical thing HTTPS is good for is preventing someone from snooping your local wireless or your local LAN, and capturing your traffic there. If you have that concern then make sure you use strong encryption on your home wireless protocol. Beyond that point there is an infinitessimal chance anyone who works on and has access to the Internet transfer pipes would ever be interested in your traffic. Scammers/spammers don't obtain account credentials that way.
NewOldGuy is offline   Reply With Quote
Old 05-12-2012, 11:05 AM   #15
Brons
Carpal \'Tunnel
 
Brons's Avatar
 
Join Date: Mar 2007
Posts: 6,565
Re: hey I have a suggestion. Option to connect and log in securely with https

Having https is just best practice imo. But so is not storing your passwords in a decryptable format so what do I know.
Brons is offline   Reply With Quote
Old 05-12-2012, 11:13 AM   #16
atakdog
addicted
 
atakdog's Avatar
 
Join Date: Jan 2008
Location: vṛkṣāsana
Posts: 49,998
Re: hey I have a suggestion. Option to connect and log in securely with https

Is there a reason not to use https? It seems that sniffing for 2p2 passwords at public hotspots like casinos and such could happen.
atakdog is offline   Reply With Quote
Old 05-12-2012, 11:20 AM   #17
LirvA
self-banned
 
LirvA's Avatar
 
Join Date: Sep 2007
Location: Free Manning, Hammond, and Brown.
Posts: 42,857
Quote:
Originally Posted by AlanBostick View Post
(1) Hang a packet sniffer on the Rio's LAN next month.

(2) Slurp up all the 2p2ers' logins and passwords you can.

(3) ????

(4) Profit!


Hey Bostick! I got the idea to bump this thread when I saw your post in the fish forum!

One of your posts responding to me there many moons ago was very nut imo. Impossible to find though :/

It wasn't my thread, someone asking about reading hands I think, I talked about a flush draw example and you responded talking about like taking a further view and thinking about what all he could have with this line iirc. Can't remember the details though. Wish I would have saved the post.
LirvA is offline   Reply With Quote
Old 05-12-2012, 12:29 PM   #18
zikzak
Carpal \'Tunnel
 
zikzak's Avatar
 
Join Date: Jul 2009
Posts: 18,590
Re: hey I have a suggestion. Option to connect and log in securely with https

First thing I tried when 2+2 came back was to see if SSL was now possible. Nope. Security fail.

Second thing I did was reply to a LirvA thread? Oh dear.
zikzak is offline   Reply With Quote
Old 05-12-2012, 01:31 PM   #19
fredd-bird
Carpal \'Tunnel
 
fredd-bird's Avatar
 
Join Date: Aug 2007
Location: LBS
Posts: 18,946
Re: hey I have a suggestion. Option to connect and log in securely with https

fredd-bird is offline   Reply With Quote
Old 05-12-2012, 02:51 PM   #20
KKKKA
stranger
 
Join Date: May 2012
Posts: 4
Re: hey I have a suggestion. Option to connect and log in securely with https

Quote:
Originally Posted by atakdog View Post
Is there a reason not to use https? It seems that sniffing for 2p2 passwords at public hotspots like casinos and such could happen.
It's resource-intensive to do HTTPS. But 2+2 needs to bite that bullet (if ever they get the normal, everyday forum stuff working again reliably).
KKKKA is offline   Reply With Quote
Old 05-12-2012, 03:19 PM   #21
AlanBostick
Carpal \'Tunnel
 
AlanBostick's Avatar
 
Join Date: Sep 2002
Location: We're all Lebowskis on this bus
Posts: 8,761
Re: hey I have a suggestion. Option to connect and log in securely with https

How resource-intensive is it to use https to process logins but serve up the forum pages in cleartext? What fraction of transactions processed by the server are logins?
AlanBostick is offline   Reply With Quote
Old 05-13-2012, 01:15 AM   #22
bav
Carpal \'Tunnel
 
bav's Avatar
 
Join Date: Nov 2005
Location: Vegas
Posts: 8,125
Re: hey I have a suggestion. Option to connect and log in securely with https

Quote:
Originally Posted by AlanBostick View Post
How resource-intensive is it to use https to process logins but serve up the forum pages in cleartext? What fraction of transactions processed by the server are logins?
Securing just logins and password changes will help, but there's the issue of sniffed auth cookies. Basically, if you do all the work of securing the userid and password, but then set a cookie with seKret stuff in it and pass that in plaintext, you're at least potentially allowing an attacker to see that cookie and use it to spoof that user for the duration of that session.

http://arstechnica.com/business/2011...-web-using-it/
bav is offline   Reply With Quote
Old 05-13-2012, 01:27 AM   #23
fredd-bird
Carpal \'Tunnel
 
fredd-bird's Avatar
 
Join Date: Aug 2007
Location: LBS
Posts: 18,946
Re: hey I have a suggestion. Option to connect and log in securely with https

Quote:
Originally Posted by bav View Post
Basically, if you do all the work of securing the userid and password, but then set a cookie with seKret stuff in it and pass that in plaintext, you're at least potentially allowing an attacker to see that cookie and use it to spoof that user for the duration of that session.
twss
fredd-bird is offline   Reply With Quote
Old 05-13-2012, 06:39 AM   #24
Wiki
Pooh-Bah
 
Wiki's Avatar
 
Join Date: Mar 2008
Location: [2,5]
Posts: 5,812
Re: hey I have a suggestion. Option to connect and log in securely with https

Quote:
Originally Posted by Brons View Post
Having https is just best practice imo. But so is not storing your passwords in a decryptable format so what do I know.
Although there has been mention of 'decrypting passwords' this may not be an accurate description of what happened.

Passwords are usually stored by a method that would more properly be termed 'hashed' than 'encrypted'.

The algorithm used is designed to be non-reversible. This is fairly easy to achieve. It takes the characters of the password and creates an integer (strictly, a certain number of bits), that can be compared. This does mean, however, that if you know the algorithm and the hashed password, whilst you may not be able to determine the actual password, you can reasonably easily find another password that hashes to the same value. Then you can use that password to log in to the account in question.
Wiki is offline   Reply With Quote
Old 05-13-2012, 10:27 AM   #25
Brons
Carpal \'Tunnel
 
Brons's Avatar
 
Join Date: Mar 2007
Posts: 6,565
Re: hey I have a suggestion. Option to connect and log in securely with https

Yeah, I assumed that they were talking about hashed passwords that got rainbow table'ed. But, there are defenses against rainbow tables that make it impractical to de-hash passwords. They apparently didn't do this so I don't think it's unreasonable to think they wont use SSL either.
Brons is offline   Reply With Quote

Reply
      

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Forum Jump


All times are GMT -4. The time now is 10:49 AM.


Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright ę 2008-2010, Two Plus Two Interactive
 
 
Poker Players - Streaming Live Online