[MUD-Dev] strong encryption for authentication

Fred Clift fclift at verio.net
Fri Jul 13 11:28:10 New Zealand Standard Time 2001

On Thu, 12 Jul 2001, Fred Clift wrote:

> Oh, and I'd love to get my hands on some crypto software -- It'd
> definitely be a fun toy :).

Uh - I mean hardware -- I have plenty of software :).

My main motivation here is to not allow someone to leverage mud
access into local shell access (and thence into root access on the
box).  I have tools in my mud that (if I have bugs in my software)
could be used to change files/state on the server, outside the mud
(ie db acccess, load/save of mob scripts etc).  I dont think there
are holes, but I've been wrong many many times before.

stelnet options would be a good place to start, or perhaps whipping
up an easily installable proxy, or just allowing connections on a
seperate port from either ssh or ssl'd connections.  It is fairly
easy to set up either kind of tunnel and this would be a 'nich'
feature that not everyone would use.

For now, I ssh to the box and run a client there connecting to
localhost -- probably good enough for me, but I know some players
who would like it.

I might try and convince the administrative people on the mud to
always use encrypted connections.... Or at least not use the same
password for shell access that they use for their mud logins :)


Fred Clift - fclift at verio.net -- Remember: If brute 
force doesn't work, you're just not using enough.

MUD-Dev mailing list
MUD-Dev at kanga.nu

More information about the MUD-Dev mailing list