[MUD-Dev] strong encryption for authentication

Kwon Ekstrom justice at softhome.net
Sat Jul 14 21:47:41 New Zealand Standard Time 2001

From: "F. Randall Farmer" <randy.farmer at pobox.com>
>> Kwon Ekstrom wrote:

>> I'd like to point out that this thread seems to be degenerating,
>> the points of encryption I've noticed is:

> I'd like to add CONs and comment on some confusion with a few of
> the

> PROs.

>   CON:

>     Encrypting everything can lead to lazy game security design It
>     can mislead customers into thinking that communications are
>     private, when they aren't

> Honestly, some of the PROs listed (though not promoted) so
> succinctly by Kwon are not real!

I'd like to point out that the majority of the pros listed are NOT
IMHO correct usage of encryption.  I'm in favor of using encryption
only when confidentiality is especially important.  Such as
passwords or financial data (I'm not running a pay game so the
latter isn't a factor for me)

> Once the packets arrive at the computer, they are decrypted and
> used in the clear.  So what that you need SOFTICE or GAMEWSHARK
> instead of a packet sniffer; the hackers have your packets just
> the same and know what is in them.

That causes it's own problems, but I'm not a fan of wasting
bandwidth by sending data that I don't want the end user to
retrieve.  Please note again that the original message was about ssh
tunneling for telnet, telnet being plain text, all data is displayed
directly to the end user.  For a proprietary client/server base you
may wish to protect your protocol, in which case this is a problem.

> If you're talking about man-in-the-middle attacks (people stealing
> your packets), that's one thing. Most of our products don't have
> this problem (Tamzen's exception noted.)

Under the original thread's tunneling scheme, this would be the type
of attack it prevents, and I agree, it's not a problem worth the
overall performance hits, and programming hours.  There are of
course exceptions to this (as mentioned above)

> It's another thing entirely to believe that hidden game
> information remains "hidden" once it arrives at the client. If the
> information isn't safe for a user's machine to know, the server
> shouldn't send it. Period. Sending a game map of all enemy
> positions to all players encrypted does nothing to prevent hacking
> and "cheating". Likewise, adding encryption to messages that
> contain information the player shouldn't doesn't help much
> either. :-)

See above

> Ask yourself the following questions before your declare that
> "more encryption is better, always": What is the threat model? 
> What is the

When did I say more encryption is better, always?  If I remember
correctly I said: "As every other tool, it's just a tool, use it
when you need it, but otherwise put it back in the box"

Make extra note of "when you NEED it"...

-- Kwon Ekstrom

MUD-Dev mailing list
MUD-Dev at kanga.nu

More information about the MUD-Dev mailing list