Quote:
|
If someone had the encrypt/decrypt functions said person could easily write a little sniffer that decodes the passwords from players logging into EQLive.
|
It's not Emu's job to save the SOE devs from their own stupidity. There are plenty of asymmetric encryption algorithms out there, many that have been out for so long their patents have expired or are about to expire. With an asymmetric algorithm, you can know every single piece of math that algorithm does, but no, you're
still not gonna be able to decrypt a piece of traffic going across the wire. If SOE chooses not to take advantage of one of these algorithms, the project need not suffer because of their laziness.
That said, I brought this up before, and was told that minilogin is able to be considered a third party program much like the packetcollector or the other stuff various peeps are making in the Third Party Tools forum, and as such they are not required to give the source. At least that's what I made out of 1 or 2
meaningful sentences of Image's response, before he degenerated into his standard "You're a retard and a poo poo face for bringing this up."
To clarify how the login server works in the whole scheme -- the only time you're talking to the login server is while you're authenticating and getting the server select screen. After you pick one of the servers and connect to it, the logon server plays no further role in your communication.