Does KoLmafia Transmit Credentials Securely?

Alerts01

New member
Hello,

I'm brand new to KoLmafia and have not been able to find a wiki article or forum post that addresses the title question:

Does KoLmafia transmit credentials securely?

And as a follow-up, how are they transmitted? HTTPS?

I apologize if this subject has already been written about, but thank you in advance for any information you can share.
 

Crowther

Active member
A while back, KoLmafia began forcing all http requests to use https instead, but I think connections to KoL have been https for a long time.
 

Veracity

Developer
Staff member
Yes.

KoL used to login over HTTP with a challenge/response system and an MD5 encoded password

They added an HTTPS login method which simply transmitted the password in plain text over HTTPS. We adapted and allowed users to use either method; for testing, I always used the experimental HTTPS code. It worked fine.

Then KoL forced HTTPS login and KoLmafia did so too.

And now its all HTTPS. I don't remember that, but DEBUG logs indicate it is so.
 
Top