Security of NS2 keys during testing

GoPostalManGoPostalMan Join Date: 2010-04-08 Member: 71216Members
I can't help but think there might be security issues we might be overlooking because of the awesomeness that is the NS2 engine test. So let me just break it down in what i know thus far:

1: We had to use our keys before we played the first time. This key has to be stored somewhere on our pc... maybe in a lua file.
2: There is active steam code in the engine test. I'm not sure what is affected via steam or NS2, but the fact that it is necessary for us to login to our steam account before being able to play the engine would suggest the "key" is already being utilized for NS2 or Steam.
3: Anyone can make server right now. Any "smarter than average" person can easily sniff packets between server/client. If our key is in any way used to authenticate the connection, i assume that would risk our key being stolen?

Of course i'm being a little extreme. Everyone currently testing HAVE pre-purchased NS2.. so there isn't TOO MUCH value in obtaining another key, but the reasoning is 50/50, and question is still there, are we at risk?

Comments

  • FocusedWolfFocusedWolf Join Date: 2005-01-09 Member: 34258Members
    I think your assuming that the keys are traveling to the custom server for authentication. That doesn't make any sense (although anythings possible). Most likely the key travels straight from your computer to the NS2 auth server... not to the custom server.

    Hopefully they encrypt the keys on the pc also.
  • GoPostalManGoPostalMan Join Date: 2010-04-08 Member: 71216Members
    <!--quoteo(post=1765522:date=Apr 10 2010, 05:20 PM:name=FocusedWolf)--><div class='quotetop'>QUOTE (FocusedWolf @ Apr 10 2010, 05:20 PM) <a href="index.php?act=findpost&pid=1765522"><{POST_SNAPBACK}></a></div><div class='quotemain'><!--quotec-->I think your assuming that the keys are traveling to the custom server for authentication. That doesn't make any sense (although anythings possible). Most likely the key travels straight from your computer to the NS2 auth server... not to the custom server.

    Hopefully they encrypt the keys on the pc also.<!--QuoteEnd--></div><!--QuoteEEnd-->

    Yea 3 is normally not the case in any game as the key is really to authenticate the use of the app and nothing more (with the exception of a maybe global server needing to auth the key for multiplayer privs..) I was writing 3 thinking of a different scenario.
  • FiyastoneFiyastone Join Date: 2006-10-31 Member: 58134Members
    <!--quoteo(post=1765505:date=Apr 10 2010, 08:45 PM:name=GoPostalMan)--><div class='quotetop'>QUOTE (GoPostalMan @ Apr 10 2010, 08:45 PM) <a href="index.php?act=findpost&pid=1765505"><{POST_SNAPBACK}></a></div><div class='quotemain'><!--quotec-->1: We had to use our keys before we played the first time. This key has to be stored somewhere on our pc... maybe in a lua file.<!--QuoteEnd--></div><!--QuoteEEnd-->
    <!--quoteo(post=1765522:date=Apr 10 2010, 09:20 PM:name=FocusedWolf)--><div class='quotetop'>QUOTE (FocusedWolf @ Apr 10 2010, 09:20 PM) <a href="index.php?act=findpost&pid=1765522"><{POST_SNAPBACK}></a></div><div class='quotemain'><!--quotec-->Hopefully they encrypt the keys on the pc also.<!--QuoteEnd--></div><!--QuoteEEnd-->

    The key is stored unencrypted on the machine in the registry... HKEY LOCAL MACHINE > SOFTWARE > Natural Selection 2 > Key

    Makes it easy to activate the engine test when you don't have to search through what date you received your key in e-mail XD
Sign In or Register to comment.