AniDB

AniDB Archive Forum
https://forum.anidb.net/

How many people actually use ENCRYPT?

https://forum.anidb.net/viewtopic.php?f=11&t=6155

Page 1 of 1

How many people actually use ENCRYPT?

Posted: Fri Jun 29, 2007 7:57 am
by MostAwesomeDude
Like the title says. I'm almost finished with the essential UDP base, and noticed this command. Is it commonly used (i.e., should I rewrite my UDP thread to handle it, or is it a novelty, one-off kind of thing?)

~

Posted: Fri Jun 29, 2007 10:46 am
by epoximator
no, i doubt it is much demand for it. it was implemented in WebAOM mostly for testing. some users do use it, but probably just because it is available.

Posted: Fri Jun 29, 2007 12:59 pm
by MostAwesomeDude
Ah. I will put off implementing it, then. It gives me a mental image of a 25-year-old code monkey in a cubicle, surfing AniDB over an encrypted connection so he doesn't get ridiculed by the IT guys...

~

Posted: Fri Jun 29, 2007 5:28 pm
by exp
one can't be paranoid enough nowadays }:o)

BYe!
EXP

Posted: Sat Jun 30, 2007 12:41 pm
by gidler
it is personal data that is being transferred, so of course i use encryption if it is available.

Posted: Thu Oct 25, 2007 3:08 am
by sphere
unless I get it wrong..... the most important, which is the login message is not encrypted, right? basically, people don't have to hijack our other data. it just need our username + password, log in as a user and do whatever they want with our accounts!!!!

I kinda agree with epox that it is not really useful by itself at this point.

Posted: Thu Oct 25, 2007 8:12 am
by exp
sphere wrote:unless I get it wrong..... the most important, which is the login message is not encrypted, right? basically, people don't have to hijack our other data. it just need our username + password, log in as a user and do whatever they want with our accounts!!!!

I kinda agree with epox that it is not really useful by itself at this point.
Huh?
Of course the login data is encrypted.

If you use encryption for an UDP API "connection", the only thing which is transmitted in plain text is:

Code: Select all

> ENCRYPT user=someuser&type=1
< 209 df38djSjf3 ENCRYPTION ENABLED
After that, all further packets are encrypted. Which means the password is not transmitted in plain text.

Your username will be visible though. However, if you've set your privacy options on AniDB acordingly there is hardly anything that can be done, if an adversary only knows your username.

The current implementation has some weaknesses though, which is why I've proposed some modifications.
http://wiki.anidb.net/w/UDP_API_DEV#ENC ... pt_Command

BYe!
EXP

Posted: Thu Oct 25, 2007 1:49 pm
by sphere
ahh.. I didn't know that... thanks for pointing out!
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited