[MUD-Dev] Trusting the client, encrypting data
ceo at grexengine.com
Thu Dec 18 10:20:13 New Zealand Daylight Time 2003
Sean Middleditch wrote:
> On Tue, 2003-12-16 at 07:19, Ola Fosheim Grøstad wrote:
>> Jessica Mulligan <jessica at mm3d.com> writes:
>>> one person has a method down, everyone will know it. I remember
>>> once on UO we spent several weeks rewriting the encryption; it
>> I don't have any course on crypto, but I can't see how the
>> encryption itself could fail provided that you design for it. If
> The problem is, encrypting is pointless. Encryption stops the
> data from being read/modify by someone between the two trusted
> parties. If you're running the client on the user's machine, tho,
> then that machine is one of the trusted parties - but you're
> trying to stop the user of that machine from reading the data;
> i.e., you're automatically assuming that the person you're trying
> to stop from getting the data is a trusted party.
> If the data exists on the local machine, it will be found. If the
> keys exist for decrypting the data on the local machine, they will
> be found. If you don't want the user to get that data, you have to
> never even send it to their machine, because once it's there, they
> can get it. Encryption will stop the people between the server and
> the user from seeing it, but that's it. And that's not worth a
> whole lot. Even when you *do* have a reason (such as Sony trying
> to stop ShowEQ), the users have all the information they need to
> break any and every encryption mechanism you can possibly create,
> so it's pointless.
> This exercise has been proved over and over again, both in games
> and in other industries.
Please examine the earlier posts on this topic; the suggestion was
that the keys be distributed lazily, on-demand, i.e. "just in time",
or when the data was about to be used.
You are correct in all your conclusions, but your assumptions are
- keys would not be distributed in advance in the binaries etc.
To summarise, in security-industry speak, your highlighted problem:
"Key management is critical; key distribution is frequently a
MUD-Dev mailing list
MUD-Dev at kanga.nu
More information about the MUD-Dev