GW logon security question
ggShaquira
If i use GW on my own laptop, on someone else's wifi connection, can the logon information be captured or is it encrypted?
mario910
Not rly. Login informations are encrypted in packets.
caballo_oscuro
@ggShaquira: If you use WPA/WPA2 the connection between your laptop and the wireless router is encrypted, and decrypting them would be very difficult. If you're on unencrypted wifi then all packets are in the clear. If guildwars decides to use some further encryption of your login data at the login process, the same way your hotmail/yahoo/gmail uses, it will encrypt your data using ssl which is then further encrypted by your wireless card until it reaches the wireless router. The two levels of encryption would be separate. Read about the ISO OSI reference model. Data can be encrypted potentially at each level of the model.
@mario910: Packets are simply a way of describing how data is broken up into chunks. It doesn't mean that there is any encryption. Encryption is performed by the particular protocol in place, such as https, which uses ssl to encrypt your data which is then broken up into packets either by the TCP or UDP protocols which transport your data, which is encapsulated in Ethernet frames to transport to your router and from there, de-encapsulated in Ethernet frames and then re-encapsulated to be sent down your DSL/Cable/Fibre network your provider gives you. So no, data is not encrypted in packets. Individual packets can contain data which has been encrypted by a protocol using an algorithm.
@mario910: Packets are simply a way of describing how data is broken up into chunks. It doesn't mean that there is any encryption. Encryption is performed by the particular protocol in place, such as https, which uses ssl to encrypt your data which is then broken up into packets either by the TCP or UDP protocols which transport your data, which is encapsulated in Ethernet frames to transport to your router and from there, de-encapsulated in Ethernet frames and then re-encapsulated to be sent down your DSL/Cable/Fibre network your provider gives you. So no, data is not encrypted in packets. Individual packets can contain data which has been encrypted by a protocol using an algorithm.
Draca
@caballo_oscuro even tho a network is wpa2-aes secured you can still arp-spoof if you are the owner or a user on the network that would still allow you to see all traffic on the network.
edit: I'm very sure that gw does not use ssl since the ssl handshake does not show up on a packet capture.
@OP I don't think the connection is highly encrypted but gw does not use a plain text format like http and ftp does. That makes it way harder to get then passwords on the web. That also makes that a attack would have to actively look for gw packets.
edit: I'm very sure that gw does not use ssl since the ssl handshake does not show up on a packet capture.
@OP I don't think the connection is highly encrypted but gw does not use a plain text format like http and ftp does. That makes it way harder to get then passwords on the web. That also makes that a attack would have to actively look for gw packets.
mario910
As Draca said, I meen text in packets is not sent as simple text. Ofc it is possible to read that data from packets (as we saw it in GWLP for eg.) but it is not easy and common person who can capture data packets can't do this.
ggShaquira
I think my question is answered.
I was thinking of using my GW on a hotel network so the owner will not know what to look for in advance.
So i guess i do not run a great risk of getting my account hacked by doing so
Thanks
I was thinking of using my GW on a hotel network so the owner will not know what to look for in advance.
So i guess i do not run a great risk of getting my account hacked by doing so
Thanks