
Concern with Dinabot Addressed


*UPDATE* Lupa has given great answers to all of my questions, so I feel reassured and comfortable again with using Dinabot!

If interested, there's the link to the update notes; below are my questions, but you can just skip to her answers below my posts.

---

*Original post*
Many have seen Dinabot in chat, and know it's a third party exchange service for exchanging in Stake chat. It's not owned by Stake.

Recently there's been an update to the site that controls Dinabot, Cryptogamblers.pub, that requires everyone to register along with an email in order to use Dinabot now.

This has raised a concern I have for the safety of players' accounts, specifically for those who use the same passwords for other accounts. Someone could carelessly use a username and password that is identical to their Stake account, and/or identical to their email and email password.

This site also now requires you to verify ownership of your Stake account, which then connects (not literally) your account to the account in cryptogamblers.pub. So if a hacker ever gets a hold of the passwords and usernames in cryptogamblers.pub they will have an easy time testing which accounts are using the same password on Stake, on other gambling sites, and also testing if their emails use the same password.

---

I was afraid of the first part, where sites use those kinds of techniques to gather usernames and passwords for sites. That's why I use different passwords per site and keep a hard copy of a list of all my passwords in a notebook in my room. This is an old school technique but much better security than 2FA to me. haha

It is good to hear that they are not storing credentials there, but how is that possible? When you need to enter an exact username and exact password to access a certain account. I'm not a programmer or anything but, can anybody clarify this to me?

---

1 minute ago, ceastem said:

I was afraid of the first part, where sites use those kinds of techniques to gather usernames and passwords for sites. That's why I use different passwords per site and keep a hard copy of a list of all my passwords in a notebook in my room. This is an old school technique but much better security than 2FA to me. haha

It is good to hear that they are not storing credentials there, but how is that possible? When you need to enter an exact username and exact password to access a certain account. I'm not a programmer or anything but, can anybody clarify this to me?

I am also wondering the same thing. Hope someone knowledgeable on the subject can provide an explanation on this.

---

I will try to explain it as simply as I can :D

When you are registering and entering, for example, username "blahblah" and password "bluhbluh", the system first hashes the password (getting something similar to "0b7871d596654fgh3f4fgvky54d1fbe4bd0db57aafd3d9d11f0ea4f5e45e624020a4"), then sends only the username and hash (no password!) to our server and records that.

When you are trying to log in, the system hashes your entered password again. If it was exactly the same, it will create the exact same hash, so the system will match it with the database entry and allow you to log in. If at least one symbol was different, it will create a different hash, so you will get the error "wrong password" and won't be allowed to log in.

---
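The store-and-compare flow lupandina describes, as an added example that is not part of the original thread and not the site's own code. The thread does not name a hash function, so SHA-256 for the plain version and salted PBKDF2 for the stored version are assumptions; the per-user salt is what stops two accounts with the same password from sharing a hash in a leaked database, which is the reuse concern raised in the first post.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # example work factor (assumption); tune for your hardware

def plain_hash(password: str) -> str:
    """One unsalted hash, as the post describes (SHA-256 is an assumption)."""
    return hashlib.sha256(password.encode()).hexdigest()

def register(db: dict, username: str, password: str) -> None:
    """Store a random per-user salt and a slow salted hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    db[username] = (salt, digest)

def login(db: dict, username: str, password: str) -> bool:
    """Re-hash the entered password with the stored salt and compare."""
    record = db.get(username)
    if record is None:
        return False
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, stored)

def demo() -> dict:
    db = {}
    register(db, "blahblah", "bluhbluh")       # credentials from the post
    register(db, "someone_else", "bluhbluh")   # constructed second user, same password
    return {
        "correct_login": login(db, "blahblah", "bluhbluh"),
        "one_char_off": login(db, "blahblah", "bluhbluH"),
        "unknown_user": login(db, "nobody", "bluhbluh"),
        # Unsalted: identical passwords give identical hashes across accounts.
        "unsalted_hashes_match": plain_hash("bluhbluh") == plain_hash("bluhbluh"),
        # Salted: the same password is stored as two unrelated digests.
        "salted_hashes_match": db["blahblah"][1] == db["someone_else"][1],
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```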

Lel... well, if someone uses the same username and password for everything.. then ya, that’s just inviting trouble.. there are so many ways to keep your passwords and accounts privately stashed and auto filled.. there’s no need to use identical credentials so it’s easier to remember.. your device apps or browser will remember for you xD 

Share this post


Link to post
Share on other sites
14 minutes ago, lupandina said:

I will try to explain it as simply as I can :D

When you are registering and entering, for example, username "blahblah" and password "bluhbluh", the system first hashes the password (getting something similar to "0b7871d596654fgh3f4fgvky54d1fbe4bd0db57aafd3d9d11f0ea4f5e45e624020a4"), then sends only the username and hash (no password!) to our server and records that.

When you are trying to log in, the system hashes your entered password again. If it was exactly the same, it will create the exact same hash, so the system will match it with the database entry and allow you to log in. If at least one symbol was different, it will create a different hash, so you will get the error "wrong password" and won't be allowed to log in.

Thank you very much! This helped a lot and I trust your site more now.

2 minutes ago, KiXxnTRiXx said:

Lel... well, if someone uses the same username and password for everything.. then ya, that’s just inviting trouble.. there are so many ways to keep your passwords and accounts privately stashed and auto filled.. there’s no need to use identical credentials so it’s easier to remember.. your device apps or browser will remember for you xD 

Well, even if you save it to your browser, what will happen if your device gets broken and you can remember some passwords but not all? That's why people often use identical passwords so that it is easier to remember, although this will invite trouble for hackers, it is still very convenient.
