Does this site really not use https, and uses plaintext passwords? - Page 3 - About the Forums

Two Plus Two Forums Two Plus Two About the Forums

Does this site really not use https, and uses plaintext passwords?

Post Reply Subscribe

...

Page 3 of 6

1 2 3 4 5 6

Page 3 of 6

1 2 3 4 5 6

11-09-2015 , 05:40 AM

#51

Mr.mmmKay

Drugs are bad...

Join Date: May 2011 Posts: 20,176

Quote

11-09-2015 , 08:34 AM

#52

Roonil Wazlib

veteran

Join Date: Feb 2014 Posts: 3,333

Hey, words hurt...

Thankfully none of that was words

Quote

11-11-2015 , 07:21 AM

#53

killer_kill

Carpal \'Tunnel

Join Date: Oct 2007 Posts: 28,610

Quote:

Originally Posted by herbertstemple

April, 2012.

I cri evertime

Quote

11-11-2015 , 06:34 PM

#54

Morphismus

BBV Poker Player of 2022

Join Date: Feb 2008 Posts: 24,271

this thread is going slow but steady

Quote

12-27-2016 , 09:58 AM

#55

pvn

Guest

Posts: n/a

the whole website should be HTTPS encrypted. there's very little reason not to do this in 2016.

Quote

12-27-2016 , 01:20 PM

#56

well named

poorly undertitled

Join Date: Jun 2007 Posts: 78,077

I recall that some years ago they attempted to implement HTTPS and the server couldn't tolerate the extra load, so they disabled it. Or maybe it was just that they explained at some point in the past that this is the reason why they didn't use HTTPS. I think the question has come up before in reference to login and the way session handling works.

The load explanation may no longer be a factor with reduced traffic? I don't know.

Quote

12-27-2016 , 02:12 PM

#57

soah

Unexpected

Join Date: Jun 2004 Posts: 61,667

The fact that it greatly increases the amount of data usage seems like a reason not to do it.

Quote

12-27-2016 , 02:21 PM

#58

Loki

binary duo

Join Date: Nov 2015 Posts: 12,772

Are https packets really that much bigger than non-https?

Quote

12-27-2016 , 02:26 PM

#59

well named

poorly undertitled

Join Date: Jun 2007 Posts: 78,077

By load I meant computational load (encrypting and decrypting) and not really bandwidth. I'm not sure the magnitude of the difference for the latter, although it's not zero. I would think most of the extra data is in the SSL handshake

Quote

12-27-2016 , 04:36 PM

#60

Morphismus

BBV Poker Player of 2022

Join Date: Feb 2008 Posts: 24,271

Quote:

Originally Posted by pvn

the whole website should be HTTPS encrypted. there's very little reason not to do this in 2016.

What is this little reason?

Regarding the encription: I get it for the login (which should be save anyway, otherwise we had hacked accounts all the time), account info pages and PMs; but the rest is public anyway, no? Or is it that you don't want people to know what you read on 2+2?

Quote:

Originally Posted by well named

All of the extra data should be in the handshake; the encoding itself is done in-place afaik.

Quote

12-27-2016 , 05:07 PM

#61

nuclear500

Carpal \'Tunnel

Join Date: Aug 2004 Posts: 10,516

The size of the packet barely changes and besides think about it, the extra bytes on your multi-megabyte per second connection is peanuts.

As mentioned its the load on the CPU to handle the cryptography. This is also why many companies use SSL off-load, typically on the device that handles load balancing between multiple servers. The certificate can exist on either server or load balancer. In cases of large traffic sites then generally the SSL is off-loaded. You don't think Google puts an SSL certificate on every single server do they? LOL

Quote

12-27-2016 , 05:26 PM

#62

Loki

binary duo

Join Date: Nov 2015 Posts: 12,772

Quote:

Originally Posted by Morphismus

i would think the concern would be maybe session hijacking or something

i would be very surprised to learn that this had happened to anyone on 2+2 more than a dozen times over the entirety of this site's existence, but i guess it's possible

Quote

12-27-2016 , 05:32 PM

#63

soah

Unexpected

Join Date: Jun 2004 Posts: 61,667

Quote:

Originally Posted by nuclear500

The size of the packet barely changes and besides think about it, the extra bytes on your multi-megabyte per second connection is peanuts.

The problem is when browsing on a poor connection. I've had some times where sites using SSL were so slow that it would time out before a page could finish loading. Meanwhile all other sites were slow but at least usable.

Also if you're using a mobile plan which charges you for bandwidth, then you'd prefer not to use up more of it than you need to.

Quote

12-27-2016 , 05:37 PM

#64

Loki

binary duo

Join Date: Nov 2015 Posts: 12,772

if the extra data from an ssl connection to a single website causes you overages, you either need a better data plan or to not waste your food money on cell phones

Quote

12-27-2016 , 11:21 PM

#65

pvn

Guest

Posts: n/a

Quote:

Originally Posted by Morphismus

It's much more than that. https://developers.google.com/web/fu...nsit/why-https

Quote

12-28-2016 , 10:48 AM

#66

ProfessorSlot

newbie

Join Date: Nov 2016 Posts: 26

Quote:

Originally Posted by Noodle Wazlib

Are https packets really that much bigger than non-https?

Yes it is much bigger Because of the added loads. Https has more security feature that it needs to load compare to the present http. Twoplustwo forum would become slow if they implement it unless certain modification on the site is made to adopt https.

Quote

01-01-2017 , 03:15 PM

#67

pvn

Guest

Posts: n/a

yes, it would require more computational power, so what? We're not talking about some insanely huge problem here. plenty of sites run 100% https nowadays.

Quote

01-01-2017 , 05:08 PM

#68

Loki

binary duo

Join Date: Nov 2015 Posts: 12,772

Maybe mason will invest the tax break he gets from trump into more computing power for the site so he can secure his users!

Hahahaha, butnaaaaahhhhhh

Quote

01-08-2017 , 06:33 PM

#69

Lurk

enthusiast

Join Date: Jul 2013 Posts: 71

I got prompted that my password was 1266 days old and therefore had to be changed when I just came to the site - has something gone wrong?

Quote

01-08-2017 , 06:40 PM

#70

The Imp

old hand

Join Date: May 2015 Posts: 1,702

Quote:

Originally Posted by Lurk

I got prompted that my password was 1266 days old and therefore had to be changed when I just came to the site - has something gone wrong?

Database got leaked.

Quote

01-08-2017 , 06:40 PM

#71

GusJohnsonGOAT

SESwamiGOAT

Join Date: Mar 2011 Posts: 15,795

Sick foreshadowing even though this is the second hacking since the thread was made.

Quote

01-08-2017 , 06:42 PM

#72

Lattimer

I is smart

Join Date: Feb 2009 Posts: 15,463

Quote:

Originally Posted by Lurk

I got prompted that my password was 1266 days old and therefore had to be changed when I just came to the site - has something gone wrong?

Yes. Read the other thread in ATF that was just made about this issue.

Quote

01-08-2017 , 06:42 PM

#73

Hellmuth was right

Pooh-Bah

Join Date: Aug 2016 Posts: 5,792

Quote:

Originally Posted by The Imp

Database got leaked.

how does something like that happen?

Quote

01-08-2017 , 06:53 PM

#74

The Imp

old hand

Join Date: May 2015 Posts: 1,702

Quote:

Originally Posted by Hellmuth was right

how does something like that happen?

Someone steals a backup. Doesn't necessarily mean the site has done anything wrong. It's happened before on 2+2 though...

Quote

01-08-2017 , 06:57 PM

#75

housenuts

1st Quartiled the 500

Join Date: Jul 2004 Posts: 49,684

Quote:

Originally Posted by The Imp

Someone steals a backup. Doesn't necessarily mean the site has done anything wrong. It's happened before on 2+2 though...

And most other forums

Quote

Page 3 of 6

First

1 2 3 4 5 6

Last

Post Reply Subscribe

...

Page 3 of 6

First

1 2 3 4 5 6

Last