[MUD-Dev] strong encryption for authentication

Sean Kelly sean at ffwd.cx
Wed Jul 11 09:59:21 New Zealand Standard Time 2001

From: "Caliban Tiresias Darklock" <caliban at darklock.com>
> On Tue, 10 Jul 2001 09:39:12 -0600 (MDT), Fred Clift
> <fclift at verio.net> wrote:

>> Anyone working on something like this?

> I thought about this at great length, and then it occurred to me:

> It's a GAME.

> Why the hell would you want to encrypt it?

> Basically, I started thinking about all the people this would lock
> out of the game. People who didn't have the right
> encryption. People who didn't understand encryption. People who
> didn't like encryption. And no matter how much thought I put into
> it, I could not think of one single reason why people would give
> two tin shits in a wicker basket whether the game was
> encrypted. Nothing made sense. I came up with all sorts of
> concerns about privacy and security which, when you came right
> down to it, really didn't *matter* on a game. For a business
> conference, yeah, I could see that making sense. But it's a GAME.

> I did have a distinct problem with *forcing* people to send
> passwords in the clear, so I devised an optional cookie-based OTP
> scheme for that.  But beyond that, I couldn't see any legitimate
> justification for wasting the CPU power necessary to encrypt

> So I'd pose this question, to which I would honestly like to hear
> the answer: what *possible* reason have you identified as a
> compelling justification for encryption? Because I really couldn't
> think of anything. Did I miss something?

You've mentioned authentication.  Besides that, some game designers
like the idea encrypting their communication stream to make it more
difficult for motivated players to sniff the protocol, either for
cheating or other reasons.  Another might just to be to address
privacy concerns.  Just because personal communications occur in a
game doesn't make them any less personal.

Still, Bruce Schneier discusses this in detail in his latest book
and the bottom line is that users like security so long as it
doesn't inconvenience them basically at all.  I think people would
be all for encryption so long as it was transparent.  Transparency
is the main reason encryption has never become popular for email
communications, even though most people have heard just how public
non-encrypted email is.  If you provide encryption, either build it
into the client, or provide a telnet option as well.  This way,
players who don't care or don't understand aren't shut out of the


MUD-Dev mailing list
MUD-Dev at kanga.nu

More information about the MUD-Dev mailing list