I was not a proponent of the change (in fact I was one of the initial vocal tirades that hit the forums), however, I did sit down with the IT Security Administrator of the hospital that I work at and discussed this with him yesterday for close to 5 hours (yes, unproductive time and I was paid for it woot!) (for the down-cryers, I will trust a hospital security admin before anyone else in the business simply due to the requirements of the federal HIPAA (http://www.hhs.gov/ocr/hipaa/) regulations in regards to patient information security) and what he showed me was that while it gives those of us with enough security knowledge to be dangerous to ourselves the heebie-jeebies to not pushy-our-damned-button, it may actually provide a more secure method of logging in with regards to outside compromises (keyloggers, trojans, malware etc). It will do nothing for internal threats (mom, dad, sister, brother, pissed off spouse, pissed off girlfriend that found out about pissed off spouse, etc).
Assuming that Blizzard knows what they are doing in regards to secure network communications (which I have no reason to doubt considering they were among the first public entities to implement hardware authentication before even most banks did) then we can reasonably assume that they are collecting much more than IP, Geolocation and MAC addresses.
With their side-loaded watchdog program (which runs each and every time WoW is active ... you agreed to it when you clicked accept on the ToU), Warden, they are able to gain access to the hardware GUIDs for each component of the computer system that it is running on now.
So how this *MIGHT* work (I have no clue if it does, it's simply what we came up with after 5 hours of arguing yesterday) is that Warden collects CPUID, MoboID, Harddrive ID, current IP address, MAC address and Geolocation coordinates and runs them together in some way. After which Warden takes the resulting alphanumeric string and does some sort of SHA-2 (http://en.wikipedia.org/wiki/SHA-2) hashing of that long string to encrypt it and what you end up with is a 32 / 64-bit random set of alphanumerics that is pretty much close to impossible to decipher.
The first time you log in from your *safe* computer you have to authenticate. This shows Blizz that you are who you say you are because of what you know (password) and what you have (authentication code). When this is good Warden transfers that encrypted hash of location / hardware IDs to Blizz and they then save it in the database containing your account information. The next time you log in, Warden again generates and sends its hash to Blizz to compare. If they match exactly, you're free to go. If they don't then you are flagged to authenticate again. Change any of those things that Blizz has chosen to create this hash of your computer / location off of, and you're flagged to authenticate. I've almost convinced myself completely that Warden's been doing this already in this way for a couple years now because I've had to reset my PW on a couple of occasions where someone attempted to access my account from Europe (I'm in the backwoods of Montana).
Before there's cries of OMG Warden's collecting personally identifiable information and Blizz is collecting it counter to what they've told us OMGWTFBBQLIES!!!!1! An SHA-2 hash cannot be reverse engineered (http://en.wikipedia.org/wiki/SHA-2) to find your ID-able information and therefore they are not collecting it, only a hash key of that data.
This will actually increase security in regards to outside threats by limiting what is input via keyboard and sent to Blizz. However, I say outside threats, because as I've stated previously this will do nothing for internal threats such as your spouse who's mad cus she found your stash of midget pictures.
After figuring this key aspect of the system out with him (as it's the only thing they can feasibly do while still keeping the claim of "As secure as") I came to the realization that while it might be more secure, I am a creature of habit and I take comfort from the fact that no matter what I do, pushing the button and entering my code means I'm secure. I enjoy pushing my buttons, it feels good. Don't take my ability to stroke my paranoid side into submission away. Let me push my button.
Don't remove the change if this is truly how things work (location / hardware hash, completely impossible to spoof *ALL* of it and the hashes will never match) but give me the ability to force authentication each and every time I log in. In fact, meld the two if that hasn't already been put in place, and give me the option to push my button. It makes me feel special and pretty.
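The enroll-then-compare scheme the post guesses at, written out as an added example (not Blizzard's or Warden's code, and all hardware readings, field names and the account store are constructed for illustration): the readings are canonicalised, hashed with SHA-256, only the digest is stored, and any later login whose digest differs is flagged for authenticator entry.

```python
import hashlib
import hmac

# Constructed sample readings for the player's "safe" computer.
# Every value here is made up for the example.
SAFE_PC = {
    "cpuid": "GenuineIntel-0x000306A9",
    "mobo_id": "MB-EXAMPLE-0001",
    "hdd_id": "WD-EXAMPLE-SERIAL-42",
    "ip": "198.51.100.23",
    "mac": "00:11:22:33:44:55",
    "geo": "46.87,-113.99",
}


def fingerprint(readings: dict) -> str:
    """Canonicalise the readings and return their SHA-256 hex digest.

    Fields are sorted and joined with NUL separators so that different
    readings cannot collapse into the same input string, and so the order
    in which the client reported them does not matter.
    Caveat: MAC/IP/geo values have little entropy, so a bare hash of them can
    be matched against guessed inputs if the stored digest ever leaks; a
    server-side keyed hash (HMAC) avoids that, but is not what the post proposes.
    """
    canonical = "\x00".join(f"{k}={readings[k]}" for k in sorted(readings))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def enroll(account_db: dict, account: str, readings: dict) -> None:
    """First login from the *safe* machine: keep only the digest, never the readings."""
    account_db[account] = fingerprint(readings)


def login_decision(account_db: dict, account: str, readings: dict) -> str:
    """Return 'allow' when the fresh digest matches the stored one.

    A missing record or any mismatch returns 'require_authenticator',
    i.e. the "flagged to authenticate again" path.
    """
    stored = account_db.get(account)
    if stored is None:
        return "require_authenticator"
    # Constant-time comparison so timing does not reveal how many bytes matched.
    if hmac.compare_digest(stored, fingerprint(readings)):
        return "allow"
    return "require_authenticator"


if __name__ == "__main__":
    db = {}
    enroll(db, "player", SAFE_PC)
    print(login_decision(db, "player", SAFE_PC))                          # allow
    print(login_decision(db, "player", dict(SAFE_PC, ip="203.0.113.7")))  # require_authenticator
```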