STAR TREK 2d20
  1. #11
    Zacchaeus: thanks for trying a test to try to repeat the problem.

    All: I am not saying the sky is falling, so please don't denigrate you or me with flame messages. That wouldn't be helpful to anyone.

    I conducted several tests and developed a series of repeatable ones to demonstrate when the campaign password field does and does not work. I emailed the full text of those tests along with my general security concerns to the support department.

    Given the campaign password is stored in plain text, I got a little concerned about my Smite Works username and password. When I didn't find it in the file system, I went digging in the registry. I was relieved to find the password hashed in the registry. This still leaves me with some concern about the campaign passwords.

    If you haven't watched this video, please do so: https://www.youtube.com/watch?v=7U-RbOKanYs

    Yes, I used my time to manually investigate these issues. Yes, hackers wouldn't waste their own time to do what I did. They have drone programs that do the work for them. My concern is that a drone program, not a human being, could go snooping through a GM's computer and find the clear text passwords in the campaign data files. The problem isn't that hackers might go barging into FG2 gaming sessions. The problem is that hackers' drone programs could harvest more clear text passwords that people are actually using to add to their growing databases. This is what the majority of people don't get.

    I'm not saying that FG2 does or does not have vulnerabilities. I'm not saying that hackers will leverage FG2 as a direct attack vector. I am saying that uninformed GMs could be contributing to the larger hacking problem. It wouldn't take long for a drone program to harvest these clear text passwords if a GM's computer were to be infected.

    So far I like the program. I hope it has continued success. I also hope its users will become better informed.

    Since the only real purpose of the campaign passwords is to keep unwanted players out, and since we know they are stored in clear text, then feel free to make it as common a thing as you want. Make it your middle name, your birthdate, your high school mascot's name ... whatever. Just don't make it something that you would EVER actually use for something serious, like your bank account.

    If Smite Works decides to hash the campaign passwords, that would be a good idea. If you forget it, so what! It's your computer, and it's an XML file. You can simply delete the password tags from the XML file and then change it in the program to something new.
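The storage change suggested in #11 (hash the campaign password instead of keeping it in clear text, and recover from a forgotten password by deleting the tag), as an added example that is not Fantasy Grounds code and not anything SmiteWorks has shipped. It assumes the campaign file is XML with a `<password>` element directly under the root; the real tag name and file layout are not given in this thread, and the sample document is constructed for the demonstration. The "harvester" is a regex sweep of the kind an automated credential-stealer would run over every text file on disk, so the point it shows is what such a sweep gets back before and after the conversion:

```python
"""Campaign-file password storage: plaintext vs. salted hash.

Added example, not Fantasy Grounds code. Assumptions: the campaign file is
XML with a <password> element under the root (the real tag name and layout
are not given in the thread); SAMPLE_CAMPAIGN_XML is constructed.
"""
import hashlib
import hmac
import os
import re
import xml.etree.ElementTree as ET
from typing import List, Optional

# Constructed sample campaign file. The password is deliberately the sort of
# value a GM might also be using somewhere that matters.
SAMPLE_CAMPAIGN_XML = """<?xml version="1.0" encoding="utf-8"?>
<root version="3.3">
  <name>Tuesday Night Group</name>
  <password>Hunter2!bank</password>
  <ruleset>5E</ruleset>
</root>
"""

# What an automated harvester does: no XML parsing, just a regex sweep for
# anything that looks like a password tag in any text file it can read.
HARVEST_PATTERN = re.compile(r"<password>([^<]*)</password>", re.IGNORECASE)


def harvest_plaintext(doc: str) -> List[str]:
    """Return every <password> value a naive harvester would pull out of doc."""
    return HARVEST_PATTERN.findall(doc)


PBKDF2_ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2-sha256$<iterations>$<salt hex>$<digest hex>'.

    A fresh random salt per file means two GMs with the same password store
    different values, so a harvested hash cannot be matched across victims.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2-sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(candidate: str, stored: str) -> bool:
    """Check a candidate against a stored hash string; constant-time compare."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2-sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def convert_campaign_file(doc: str) -> str:
    """Rewrite the <password> element to hold a salted hash instead of plaintext."""
    root = ET.fromstring(doc.encode("utf-8"))
    elem = root.find("password")
    if elem is None or not elem.text:
        return doc
    elem.text = hash_password(elem.text)
    return ET.tostring(root, encoding="unicode")


def campaign_password_matches(doc: str, candidate: str) -> bool:
    """Check a player's join attempt against the hash in a converted file."""
    root = ET.fromstring(doc.encode("utf-8"))
    elem = root.find("password")
    return elem is not None and bool(elem.text) and verify_password(candidate, elem.text)


def remove_campaign_password(doc: str) -> str:
    """The forgot-it recovery from the thread: drop the <password> element."""
    root = ET.fromstring(doc.encode("utf-8"))
    elem = root.find("password")
    if elem is not None:
        root.remove(elem)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("harvested from plaintext file:", harvest_plaintext(SAMPLE_CAMPAIGN_XML))
    converted = convert_campaign_file(SAMPLE_CAMPAIGN_XML)
    print("harvested from hashed file:   ", harvest_plaintext(converted))
    print("correct password joins:", campaign_password_matches(converted, "Hunter2!bank"))
    print("wrong password joins:  ", campaign_password_matches(converted, "hunter2!bank"))
```

After conversion the harvester still finds a `<password>` tag, but what it carries away is a per-file salted PBKDF2 string rather than the reusable secret; the GM's own software can still verify a join attempt, and a forgotten password is handled by removing the element and setting a new one.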

  2. #12
    damned (Australia; joined Mar 2011)
    Quote Originally Posted by Bale Nomad View Post (#11 above, quoted in full)
    As it's a password that you share with players, it should only ever be a simple/easy/shareable password. It should not be one that you ever use anywhere else.

  3. #13
    I appreciate the information, and found the video entertaining. Though I really think we are talking about apples and oranges here even though both are called passwords. I don't know anyone that would use a complex secure password for an FG game. It might be true that some of the people I play with use simple passwords for important things, but that is a bad habit that I would tell them to stop if I found out (and has nothing to do with the FG password).
    I never claimed to be sane. Besides, it's more fun this way.

  4. #14
    Trenloe (Colorado, USA; joined May 2011)
    The campaign password is purely used to stop players joining a FG session which you don't want players to join - for example, you're doing prep or development and you don't want your players joining early: use a simple campaign password the players won't guess. Or, in the rare occasion that you may need to block a previous player from your session, use a simple campaign password or change the one you used previously.

    Getting access to one of your campaigns (only when the GM has it running) doesn't give a potential hacker much access to your system beyond being annoying in the FG chat window and rolling lots of dice. The FG devs specifically limit the Lua libraries available in FG (e.g. no direct file access) and are very aware of keeping the FG functionality locked down in terms of what could be done if someone managed to get too much access to FG. For example, players can't control what code is available in a FG session - the GM has complete control over that based off the ruleset and extensions they load before starting the campaign; more code cannot be loaded/modified once the campaign has started.

    So, whereas at a purely theoretical level passing plain text passwords over the Internet, or storing those values unencrypted in a text file, is not a good thing, in this case - a simple password to allow/restrict access to a very security conscious application (not the computer it is running on) - it is nothing to get too concerned about IMHO.
    Private Messages: My inbox is forever filling up with PMs. Please don't send me PMs unless they are actually private/personal messages. General FG questions should be asked in the forums - don't be afraid, the FG community don't bite and you're giving everyone the chance to respond and learn!

  5. #15
    LordEntrails (-7 UTC; joined May 2015)
    I think Bale's concern, and one I see value in, is that people may use a password in FG that they use elsewhere for something actually important.

    Now, all of us that frequent this forum and are interested in this topic are probably aware enough of the issues in doing such. And wouldn't contribute to the concern.

    But that doesn't mean the issue doesn't impact our society at large, or that there is no value in considering changing how things are done in FG to help, in a little way, the "greater good".

    Note, I am not a SmiteWorks employee or representative, I'm just a user like you.

  6. #16
    damned (Australia; joined Mar 2011)
    Quote Originally Posted by LordEntrails View Post (#15 above, quoted in full)
    That campaign lock password is never transmitted over the internet by the GM's machine - only by a player connecting to the GM's computer.
    If you give someone your password so they can connect you have already given your password away.

    And Bale Nomad, don't worry - no one is denigrating you or your comments or trying to start a flame war.
