I was using Hearthbuddy, but, I've not touched Demonbuddy in months, I don't even own a copy of Demonbuddy any more. Obviously, it's never a good sign to see a bot with negative running time that you're not running, so, I'm going to assume it's a bug, but, I'd still like to be sure my BuddyAuth/BuddyKey isn't compromised.
Actually, I just realized this isn't even my key:- This key starts with 55, my key starts with 6l:- It would appear as though there's some sort of database lookup error surrounding my account. EDIT:- Just tested Demonbuddy with this phantom key (I assume it's someone else's legitimate key):- It does auth me, compared to running with a fake key:- So, yeah, database lookups and leaking serial keys. *Yay*. I'd change the key for the other user (As now, theoretically, I have it), work out the issue, and, hope to god it's not a global issue with everyone's serials being leaked. For reference, considering the serial is 20 hex-bytes long, and, I've given away the first 12 bits (Plus a sha512sum of a salted version of the serial, which I've since removed), that's sixty eight bits worth of entropy, not amazing, but, enough to actually break it, so, staff really should go about changing this user's serial key, for security of both me knowing it, and, what I've posted.
