[MUD-Dev] Trusting the client, encrypting data

ceo ceo at grexengine.com
Thu Dec 18 10:20:13 New Zealand Daylight Time 2003

Sean Middleditch wrote:
> On Tue, 2003-12-16 at 07:19, Ola Fosheim Grøstad wrote:
>> Jessica Mulligan <jessica at mm3d.com> writes:

>>> one person has a method down, everyone will know it.  I remember
>>> once on UO we spent several weeks rewriting the encryption; it

>> I don't have any course on crypto, but I can't see how the
>> encryption itself could fail provided that you design for it. If

> The problem is, encrypting is pointless.  Encryption stops the
> data from being read/modify by someone between the two trusted
> parties.  If you're running the client on the user's machine, tho,
> then that machine is one of the trusted parties - but you're
> trying to stop the user of that machine from reading the data;
> i.e., you're automatically assuming that the person you're trying
> to stop from getting the data is a trusted party.

> If the data exists on the local machine, it will be found.  If the
> keys exist for decrypting the data on the local machine, they will
> be found. If you don't want the user to get that data, you have to
> never even send it to their machine, because once it's there, they
> can get it. Encryption will stop the people between the server and
> the user from seeing it, but that's it.  And that's not worth a
> whole lot.  Even when you *do* have a reason (such as Sony trying
> to stop ShowEQ), the users have all the information they need to
> break any and every encryption mechanism you can possibly create,
> so it's pointless.

> This exercise has been proved over and over again, both in games
> and in other industries.

Please examine the earlier posts on this topic; the suggestion was
that the keys be distributed lazily, on-demand, i.e. "just in time",
or when the data was about to be used.

You are correct in all your conclusions, but your assumptions are

  - keys would not be distributed in advance in the binaries etc.

To summarise, in security-industry speak, your highlighted problem:

  "Key management is critical; key distribution is frequently a
  non-trivial problem"

Adam M
MUD-Dev mailing list
MUD-Dev at kanga.nu

More information about the MUD-Dev mailing list