Hurray! Another multiplayer clone project. :)

[jrb00001]

1. Every time the universe is generated there is a new key generated for encryption on server side.

No problem.

2. Once the client connects to the server he will receive the key(I'll make sure this works)

The client will accept the key without verifying it? Useless because a MITM attack would be possible and the attacker could decrypt the password. How do you want to verify the key?

• The user has to get the certificate from somewhere else (eg. webpage, forum, usb key, ...) --> Safe but inconvenient.
• Certificate Authority --> Safe but you will have to operate a CA and sign all certificates manually.
• Cache the public key and trust after the first connection. --> Same problem for the first connection.
• Show the public key to the user and let he decide. --> Unsafe because most users will click "Yes" and do not know the consequences.

1. How to encrypt a password using a key?

An example found using google: http://www.informit.com/articles/articl ... 7&seqNum=4 Look at listing 3-6 for the asymmetric encryption.

2. What is a key? An integer? a String?

There is a private key and a public key. The private key is a huge number (eg. 4096 bits long). The public key has to match the private key.

[kcd.Spektor]

The client will accept the key without verifying it? Useless because a MITM attack would be possible and the attacker could decrypt the password.

How will the attacker find the server key? It can be hidden in all other info data that the server is sending to the client.

Can you give me a common example of a key?

And what about having 1 key hardcoded for everyone?

[jrb00001]

Symmetric encryption is useless because it has to be the same key on all servers and clients.

Why is this useless?
Why not have the key hardcoded somewhere?

And what about having 1 key hardcoded for everyone?

If everyone has access to the key it is not private. As the name says, the private key must be private.

How will the attacker find the server key? It can be hidden in all other info data that the server is sending to the client.

That sounds like security through obscurity (https://en.wikipedia.org/wiki/Security_ ... _obscurity). Very unsafe because the attacker could use your own program to extract the key from the data.

Can you give me a common example of a key?

Symmetric key (256 bit AES encoded as hex):

Code: Select all

107358B13BAAAC4FE253A4A933907B25D88B1F2D9598F968FAFFF04059E286F6

Asymmetric private key (512 bit RSA encoded as hex):

Code: Select all

30820153020100300D06092A864886F70D01010105000482013D308201390201000241008564CA0A80A50A334954A7C8E4E769E90A41441ECFC91B350C71DDC0F9E63EDB6971D149AEBD1D4F42245F6A507B455475E037F35281083348E1F38F28F8DF83020301000102402BF3CBC6AE20B33DB6D9D7F70FC558565AF4AA5764ABA4F553C66904DED288BF152921BBD780BFD2A940E7F08B8B43EDCE64EBD2B2B86506BCC742FF880682A1022100BE2F7394D1A1CA7302081B4B7040DBA5EFC7CC233AF022469F7ED048ED76324B022100B38E284080AD50E02C6F9E095A62C623A0069CB53EDD5DE8A82D9432722984A90220654EA584DA7E12775CD7B0A268B343CD8A82A54D06F22F6FEB3A03FD34F0C72D022073E38DD14BFC11160F381F5D540C2A6C75EDAE9940B0E9DAAF2973DC3758DAB9022022982C61ACA8C858BE180CA85DE2CEC12900FD471D226592E4E579602C5931C6

Asymmetric public key (512 bit RSA encoded as hex):

Code: Select all

305C300D06092A864886F70D0101010500034B0030480241008564CA0A80A50A334954A7C8E4E769E90A41441ECFC91B350C71DDC0F9E63EDB6971D149AEBD1D4F42245F6A507B455475E037F35281083348E1F38F28F8DF830203010001

As I said, keys are just huge numbers. Good RSA keys have a size of at least 4096 bits.

[kcd.Spektor]

If everyone has access to the key it is not private. As the name says, the private key must be private.

Still don't get it.
Why is having 2 private keys, that are the same for server and client, hardcoded, not being sent anytime anywhere, is a bad thing?

[kartoFlane]

Why is having 2 private keys, that are the same for server and client, hardcoded, not being sent anytime anywhere, is a bad thing?

It'd still be security through obscurity, as mentioned by jrb. At some point someone will notice (either by bytecode/memory inspection or outbound packet traffic inspection) that everyone has the same private key and your entire security system falls apart. Suddenly anyone and everyone can impersonate the server.

Here's a pretty good layman-friendly explanation of the concept.

If everyone has their own, unique private key, it can still be found out using the same methods, but we assume that the user won't be interested in finding out their own key and putting it up for everyone to see. MITM attacks should be ineffectual because the primes used to encrypt are so large, and will take a lot of time to be broken. Of course the user could have their PC infested with a virus that does the memory inspection, but that's why we have antivirus software.

Not that I'm an expert on the matter; just chiming in with what understanding I do have.

[kcd.Spektor]

At some point someone will notice (either by bytecode/memory inspection or outbound packet traffic inspection) that everyone has the same private key and your entire security system falls apart. Suddenly anyone and everyone can impersonate the server.

How does knowing the fact that every server and client has the same key helps them if they don't know the key itself?

Here's a pretty good layman-friendly explanation of the concept.

Thanks for the great example
Take your message, treat it as a number and multiply it by a bunch of primes.
Send it to me. I will then multiply by a bunch of primes too.
I send it back to you. You then divide by all of your primes.
Send it back to me. I divide by all of my primes and get the original message.

So can I for example use this technique to transfer the randomly generated key from server to the client?
And then use it?

[jrb00001]

Here's a pretty good layman-friendly explanation of the concept.

That is a very easy but good explanation about encryption. But the problem here is the authentication and not encryption. If you use some sort of private / public key authentication you could even send everything unencrypted. But as soon you send a password you have to send it encrypted and authenticate the server before you do anything.

How does knowing the fact that every server and client has the same key helps them if they don't know the key itself?

How do the servers and clients know the key? The need it for the authentication... And everybody has the possibility to read their own disks / RAM!

So can I for example use this technique to transfer the randomly generated key from server to the client?

You could do that but it only helps with encryption and not with authentication. If you send the password to the server, the client has to authenticate the server to prevent a MITM attack.

[kcd.Spektor]

Here's a pretty good layman-friendly explanation of the concept.

That is a very easy but good explanation about encryption. But the problem here is the authentication and not encryption. If you use some sort of private / public key authentication you could even send everything unencrypted. But as soon you send a password you have to send it encrypted and authenticate the server before you do anything.

Thanks jrb and kartoFlane.
I now have a better understanding of how to make the game more secure.
If you have more ideas on how to make an easy secure authetification, they are welcome.

[kcd.Spektor]

On a general note, I was planning on finishing the alpha by the end of the week.
But looks like I won't make it.
Finding good enough free sounds, mixing them, fiddling with weapons images in photoshop, it takes more time than I thought.
But I'm getting there.

[jrb00001]

If you have more ideas on how to make an easy secure authetification, they are welcome.

Easy and secure at the same time? Is that even possible?

I have a second idea but it will be much more complicated for players: Serverfiles. A serverfile contains the address and the certificate of a server (and probably some informations like the name and a description). The player can copy such a file to some directory and the server will appear on his serverlist. And if the filename can also be given using a command line parameter, it would be possible to use a link on a website.

I think my first idea (authentication with a central server) is better because it is secure, has easier code and is much easier for the player. Yes, there are additional costs because you need a server (I could host the central server for you while the game is free). But if you want to sell your game, it is the way to go because a central server is also some sort of DRM.