Security breach: Unencrypted passwords in games.pref

If you go to My Documents --> My Games --> Demigod, there's a file called games.pref.

In that file, it stores your Impulse password unencrypted.  If your system is hacked or if you share your computer with inquisitive people, this is a serious security breach.  Demigod should hash that password before storing it, at the very least.

1,423 views 5 replies
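Added example, not part of the original thread and not Stardock's code: a small audit check for the problem reported in the post above, which searches a preferences file for a known test password in plaintext or in trivially reversible encodings. The sample file contents, field names and test password are constructed assumptions, since the thread does not show the layout of games.pref.

```python
import base64
import binascii
import urllib.parse


def encodings_of(secret: str) -> dict:
    """Keyless, reversible forms of the secret that are as exposed as plaintext."""
    raw = secret.encode("utf-8")
    return {
        "plaintext (UTF-8)": raw,
        "plaintext (UTF-16LE)": secret.encode("utf-16-le"),
        "base64": base64.b64encode(raw),
        "hex": binascii.hexlify(raw),
        "url-encoded": urllib.parse.quote(secret, safe="").encode("ascii"),
        "reversed": raw[::-1],
    }


def find_exposed_secret(data: bytes, secret: str) -> list:
    """Return (label, offset) for every form of `secret` present in `data`."""
    if not secret:
        raise ValueError("secret must be non-empty")
    hits, seen = [], set()
    for label, needle in encodings_of(secret).items():
        if needle in seen:  # e.g. url-encoding of a purely alphanumeric secret
            continue
        seen.add(needle)
        haystack = data.lower() if label == "hex" else data
        offset = haystack.find(needle)
        if offset != -1:
            hits.append((label, offset))
    return hits


# Constructed sample contents; the real layout of games.pref is not shown in the thread.
TEST_PASSWORD = "Tr0ub4dor&3"  # constructed test credential, use a throwaway one
SAMPLE_PLAIN = b'profile = {\n  user = "player1",\n  password = "Tr0ub4dor&3",\n}\n'
SAMPLE_B64 = (b'profile = {\n  user = "player1",\n  password = "'
              + base64.b64encode(TEST_PASSWORD.encode()) + b'",\n}\n')
SAMPLE_CLEAN = b'profile = {\n  user = "player1",\n  remember = false,\n}\n'

if __name__ == "__main__":
    for name, blob in [("plain", SAMPLE_PLAIN), ("base64", SAMPLE_B64),
                       ("clean", SAMPLE_CLEAN)]:
        print(name, find_exposed_secret(blob, TEST_PASSWORD))
```

An empty result only rules out these keyless forms; it says nothing about whether a stored value is protected by a key kept somewhere the same reader can reach.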
Reply #1

It's supposed to be getting fixed, hopefully in this upcoming patch.

Reply #2

You can encrypt it all you want. If your system is tainted, any malware can simply install a keylogger.

It does not matter whether the program reads the password from that file, from memory or simply waits for you to type it in. You need to prevent the infection in the first place.

Reply #3

Storing your passwords locally without a master-password to protect them is never secure. For example in Firefox or IE, when you let them store your login data, that information can easily be retrieved again by potential malware. So "encrypting" that stuff really only gives you a false sense of security.

Reply #4

Storing your passwords locally without a master-password to protect them is never secure. For example in Firefox or IE, when you let them store your login data, that information can easily be retrieved again by potential malware. So "encrypting" that stuff really only gives you a false sense of security.
End of quote

It's always a false sense of security, isn't it?  I mean, the Department of Defense invests millions in securing its systems and they still get hacked.  Any computer system hooked up to the internet is insecure, plagued by a false sense of security.

That being said, there are still degrees of security.  Would the DoD ice always protect me 100%?  No.  But I'd still love to have it.

Will encrypting my Demigod passwords protect me from a moderately experienced and dedicated intruder?  No.  But I'd still love to have it.  For example, it would keep an amateur like my nephew from visiting and pulling up my password.  He wouldn't know how to reverse a hash but he can open a file in notepad.

Hashing a password is a low-effort activity that would protect me from casual intruders.  It's a basic, standard practice that Demigod should follow.

Reply #5

Quoting Annatar11, reply 1
It's supposed to be getting fixed, hopefully in this upcoming patch.
End of Annatar11's quote
Still not fixed.

Quoting Anarchy, reply 3
Storing your passwords locally without a master-password to protect them is never secure. For example in Firefox or IE, when you let them store your login data, that information can easily be retrieved again by potential malware. So "encrypting" that stuff really only gives you a false sense of security.
End of Anarchy's quote
A master password gives you a false sense of security? In your example, the "master password" is the unencrypted Impulse password in the Game.prefs ;)