[MUD-Dev] strong encryption for authentication

J C Lawrence claw at kanga.nu
Sat Jul 14 19:40:53 New Zealand Standard Time 2001


On Sat, 14 Jul 2001 01:19:54 -0400 
Jon Lambert <tychomud at ix.netcom.com> wrote:
> J C Lawrence wrote:

>> The next problem is that all of this analysis is resting on
>> quicksand.  The client is in the hands of the enemy.  It not only
>> can't be trusted, we can implicitly assume that it has not only
>> been compromised by the player, but also by any other party with
>> even a mild interest.
 
> The server is also in the hands of the enemy.  

True, tho few architects CIOs are readily willing to admit that.
Raphp's and other's comments on the physical security measures taken
for game servers would also seem to apply here.

Its also a smaller and more controllable problem space.  

In the case of credit cards one thing I have seen done is to
insta-crytp the data with the clearing house's key upon receipt.
Tht leaves a window of opportunity between receipt and crypt, but it
can be a small one, and can actively guarded.

> Just take one of the compelling reasons for security; to prevent
> credit card fraud.  I don't know if this is common knowledge or
> not, but by far most credit card fraud is perpetrated by employees
> of the vendor receiving the card number!

I don't doubt this in a bricks'n'mortar business, but doubt the stat
holds true for e-commerce.

--
J C Lawrence                               ("`-''-/").___..--''"`-._         
---------(*)                                 `6_ 6  )   `-.  (     ).`-.__.`)
claw at kanga.nu                               (_Y_.)'  ._   )  `._ `. ``-..-'  
http://www.kanga.nu/~claw/                _..`--'_..-_/  /--'_.' ,'         
I never claimed to be human             (il),-''  (li),'  ((!.-'           
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev



More information about the MUD-Dev mailing list