[MUD-Dev] SSH Encryption on data stream
ceo at grexengine.com
Fri Oct 10 19:58:07 New Zealand Daylight Time 2003
Craig H Fry wrote:
> So many games are plagued by packet sniffers I often wondered why
> more companies didn't do a per-session SSH encryption on the data
> stream. Has anyone tried or is it just assumed the over head for
> packet encryption/decryption would cause a bottleneck? I'm
> seriously considering using SSH for data encryption for my data
> streams and was curious if it is worth looking into.
What's the point?
With security, first look at your threat model...
- Diablo 1 had all the client-side calculations blown open by
someone peeking at live RAM during runtime.
Second, what's your policy (how are you going to prevent these
Just guesses, but:
- 1. every client has means for checking server ID hardcoded in
to them, and this is used for the server to ID itself to the
client - 2. ...anything doesn't work because of man-in-the-middle
attacks (you MUST know who the server is)
Third, look at your implementation for the sec policy...
- 1: Well, you can have a public key for the server, that is
hardcoded into every client, and the server sends out stuff signed
with it's private key. This way every client KNOWS when it's
talking to the server, and you can build your connection happily
Finally, go back to your threat model, and check if it can defeat
your sec policy + implementation...
- Damn. Easy - I just find the bit of code in RAM that checks the
server ID, and then I replace it with a jump to some code that
just OK's EVERY server ID. Now I set up my server-in-the-middle,
and the client thinks it's talking to the server, the server
thinks it's talking to the client, and way-hey! I've got access to
So, back to the original question: What's the point? (or, if you
prefer: what are you going to do to make this work?)
Please understand I'm not saying it's impossible to do better, but
you either need to offer a better security policy than the one I've
outlined above (which is the standard one for SSH client-server
authentication, so I'm assuming that as the base case) - or you have
to offer an implementation that actually *works* in the presence of
the threat model.
MUD-Dev mailing list
MUD-Dev at kanga.nu
More information about the MUD-Dev