forum

osu! irc login security

posted
Total Posts
2
Topic Starter
XuWorlduX
Hey, I am trying to understand how osu! handels the plain text authentication for IRC.

I have tried to login with my irc credentials.
I am unable to connect using an encrypted connection (TLS / SSL).

That means my login is basically visible to everyone. All messages are in plain text.

Why do I worry about this?


Some of the IRC clients for osu! do not use encryption.
They usually rely on some IRC library which offers support for SSL/TLS and SASL.
But from the configurations I have found, they do not seem to use any of these security features.
I also tried a few of these libraries and I am unable to connect with these security configurations.
One example that I see commonly used in multiplayer: https://github.com/Meowhal/osu-ahr

The wiki does not provide details apart from the plain text authentication.

My question:

Is there a secure way to login with irc on osu! ?
Can someone point me in the right direction if there is?
fldrmaus
Hi, I have unsuccessfully tried to get an encrypted connection to the IRC as well and would like to say a few things.

XuWorlduX wrote:

I am trying to understand how osu! handels the plain text authentication for IRC.
From my research, the osu! client does not establish an unencrypted connection to irc.ppy.sh.

XuWorlduX wrote:

That means my login is basically visible to everyone. All messages are in plain text.
This seems to be only partially true. Login and messages being in plain text is correct when connecting via IRC to irc.ppy.sh. As long as you are connecting to the server from a secure network, only the network nodes directly on route could intercept the traffic - that limits "everyone" quite a bit.

I certainly share your concern and would appreciate the security SSL would bring to the connection. But in light of the discontinuation of Bancho with the new client and the seemingly negligible amount of security incidents connected to plain text IRC auth, I personally do not think this will be a thing.
Please sign in to reply.

New reply