How many people actually use ENCRYPT?

Want to help out? Need help accessing the AniDB API? This is the place to ask questions.

Moderator: AniDB

Locked
MostAwesomeDude
Posts: 38
Joined: Fri Jun 01, 2007 11:02 am

How many people actually use ENCRYPT?

Post by MostAwesomeDude » Fri Jun 29, 2007 7:57 am

Like the title says. I'm almost finished with the essential UDP base, and noticed this command. Is it commonly used (i.e., should I rewrite my UDP thread to handle it, or is it a novelty, one-off kind of thing?)

~

epoximator
AniDB Staff
Posts: 379
Joined: Sun Nov 07, 2004 11:05 am

Post by epoximator » Fri Jun 29, 2007 10:46 am

no, i doubt it is much demand for it. it was implemented in WebAOM mostly for testing. some users do use it, but probably just because it is available.

MostAwesomeDude
Posts: 38
Joined: Fri Jun 01, 2007 11:02 am

Post by MostAwesomeDude » Fri Jun 29, 2007 12:59 pm

Ah. I will put off implementing it, then. It gives me a mental image of a 25-year-old code monkey in a cubicle, surfing AniDB over an encrypted connection so he doesn't get ridiculed by the IT guys...

~

User avatar
exp
Site Admin
Posts: 2438
Joined: Tue Oct 01, 2002 9:42 pm
Location: Nowhere

Post by exp » Fri Jun 29, 2007 5:28 pm

one can't be paranoid enough nowadays }:o)

BYe!
EXP

gidler
Posts: 4
Joined: Sat Apr 15, 2006 8:03 pm

Post by gidler » Sat Jun 30, 2007 12:41 pm

it is personal data that is being transferred, so of course i use encryption if it is available.

sphere
Posts: 19
Joined: Thu Nov 16, 2006 9:33 am

Post by sphere » Thu Oct 25, 2007 3:08 am

unless I get it wrong..... the most important, which is the login message is not encrypted, right? basically, people don't have to hijack our other data. it just need our username + password, log in as a user and do whatever they want with our accounts!!!!

I kinda agree with epox that it is not really useful by itself at this point.

User avatar
exp
Site Admin
Posts: 2438
Joined: Tue Oct 01, 2002 9:42 pm
Location: Nowhere

Post by exp » Thu Oct 25, 2007 8:12 am

sphere wrote:unless I get it wrong..... the most important, which is the login message is not encrypted, right? basically, people don't have to hijack our other data. it just need our username + password, log in as a user and do whatever they want with our accounts!!!!

I kinda agree with epox that it is not really useful by itself at this point.
Huh?
Of course the login data is encrypted.

If you use encryption for an UDP API "connection", the only thing which is transmitted in plain text is:

Code: Select all

> ENCRYPT user=someuser&type=1
< 209 df38djSjf3 ENCRYPTION ENABLED
After that, all further packets are encrypted. Which means the password is not transmitted in plain text.

Your username will be visible though. However, if you've set your privacy options on AniDB acordingly there is hardly anything that can be done, if an adversary only knows your username.

The current implementation has some weaknesses though, which is why I've proposed some modifications.
http://wiki.anidb.net/w/UDP_API_DEV#ENC ... pt_Command

BYe!
EXP

sphere
Posts: 19
Joined: Thu Nov 16, 2006 9:33 am

Post by sphere » Thu Oct 25, 2007 1:49 pm

ahh.. I didn't know that... thanks for pointing out!

Locked