Server Help Forum Index Server Help
Community forums for Subgame, ASSS, and bots
 
Friction?

Qndre
Server Help Squatter

Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Sun Apr 25, 2004 11:40 am

Cyan~Fire wrote:
I'm confused though. If you're just going to be using a proxy, then it'll still appear as VIE to subgame...

That's right! You allow VIE and let the proxy connect. Direct access to subgame2 will be refused so no VIE client can join if you don't want it.

nintendo64
Seasoned Helper

Age: 40
Gender: Male
Joined: Dec 01 2002
Posts: 104
Location: Dominican Republic

Posted: Sun Apr 25, 2004 6:21 pm

He is just simply controlling what gets in and out of Subgame2. For Qndre it is a good idea; it's cleaner than writing code on the fly or calling a DLL inside the target process.

Here are some links, Qndre, in case you want to have more functionality on Subgame2.

http://its.mine.nu/html/re/essays/dracon-add.html
http://its.mine.nu/html/re/essays/dracon-add2.html

-nintendo64

Qndre
Server Help Squatter

Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Mon Apr 26, 2004 7:26 am

nintendo64 wrote:

[..]
Here are some links, Qndre, in case you want to have more functionality on Subgame2.

http://its.mine.nu/html/re/essays/dracon-add.html
http://its.mine.nu/html/re/essays/dracon-add2.html

-nintendo64

Thanks.

Cyan~Fire
I'll count you!

Age: 38
Gender: Male
Joined: Jul 14 2003
Posts: 4608
Location: A Dream

Posted: Mon Apr 26, 2004 6:47 pm

I really doubt whether anyone will want to run a Qndre-hacked subgame2 for their server. Also, I really doubt whether many zone sysops will care enough about your client to personally add users to the VIP list.
_________________
This help is informational only. No representation is made or warranty given as to its content. User assumes all risk of use. Cyan~Fire assumes no responsibility for any loss or delay resulting from such use.
Wise men STILL seek Him.

Qndre
Server Help Squatter

Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Tue Apr 27, 2004 8:07 am

Cyan~Fire wrote:
I really doubt whether anyone will want to run a Qndre-hacked subgame2 for their server. Also, I really doubt whether many zone sysops will care enough about your client to personally add users to the VIP list.

I can also run the VIE encryption on the client-side. But that would mean that they'd have to allow VIE clients. And that's what they won't do because they have armageddon-like panic of cheaters.

Cyan~Fire
I'll count you!

Age: 38
Gender: Male
Joined: Jul 14 2003
Posts: 4608
Location: A Dream

Posted: Tue Apr 27, 2004 6:34 pm

Qndre wrote:
And that's what they won't do because they have armageddon-like panic of cheaters.

Uhhh, my point?

Mr Ekted
Movie Geek

Gender: Male
Joined: Feb 09 2004
Posts: 1379

Posted: Tue Apr 27, 2004 8:39 pm

Qndre is implying that our paranoia over cheating is unfounded.
_________________
4,691 irradiated haggis!

CypherJF
I gargle nitroglycerin

Gender: Male
Joined: Aug 14 2003
Posts: 2583
Location: USA

Posted: Tue Apr 27, 2004 8:53 pm

rotfl! SS 1.35 :/
_________________
Performance is often the art of cheating carefully. - James Gosling

Mr Ekted
Movie Geek

Gender: Male
Joined: Feb 09 2004
Posts: 1379

Posted: Tue Apr 27, 2004 10:47 pm

Changing the key on the fly means there could be many packets that do not properly decrypt. Do you plan to allow either key for a period of time after the key change is sent?

nintendo64
Seasoned Helper

Age: 40
Gender: Male
Joined: Dec 01 2002
Posts: 104
Location: Dominican Republic

Posted: Tue Apr 27, 2004 11:08 pm

Mr Ekted wrote:
Changing the key on the fly means there could be many packets that do not properly decrypt. Do you plan to allow either key for a period of time after the key change is sent?


I never thought about it, but Ekted's right! Qndre, I don't think such an encryption scheme will work for the proxy.

-nintendo64

Mr Ekted
Movie Geek

Gender: Male
Joined: Feb 09 2004
Posts: 1379

Posted: Tue Apr 27, 2004 11:45 pm

If the encryption method is sound, trust it to stand on its own. If you need to change keys because the first key isn't good enough, then the second one isn't good enough either.

Qndre
Server Help Squatter

Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Wed Apr 28, 2004 9:00 am

Mr Ekted wrote:
Changing the key on the fly means there could be many packets that do not properly decrypt.

You're right. I haven't realized it yet because I've only tested the client on the LAN and there the packet order doesn't usually get mixed-up (only one server to pass), but if you play on the internet, packets may come in another order than sent. Someone told me that CONT also changes the "scrty1" after some time or after some bytes sent. Client has to send the new key about 20 packets before it's used and server should use it if this "key-latency-period" (20 packets or so) is over. Thanks for recognizing and telling this problem.

Mr Ekted wrote:
If the encryption method is sound, trust it to stand on its own. If you need to change keys because the first key isn't good enough, then the second one isn't good enough either.

Like I said: CONT also changes the key in-session. And the encryption is not bad only because it does. But changing the key will prevent it from being calculated using a known-plaintext attack (feedback doesn't really prevent keys from being attacked).
_
Another thing about the unreliable UDP protocol:
If the keystream continues, and doesn't restart for every packet (which would make it very weak) the decryption may also fail! Example:
Code:

Sent ("Byte #" and "Key for Byte #")
Key: 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22
Data:01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22

Received
Key: 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22
Data:07 01 02 03 04 05 06 08 15 16 17 09 10 11 12 13 14 18 19 20 22 21
- DECRYPTION WILL FAIL -

But if keystream is the same for every packet, it isn't very secure.
_
This means that the proxy and the client also have to put an unencrypted ID in front of every packet and decrypt traffic in the correct order (a bit like the VIE reliability layer works).
Back to top
View users profile Send private message Add User to Ignore List
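
The reordering failure and the cleartext packet-ID fix described in the post above, as an added example (not code from the thread or from any Subspace or Continuum component). The keystream is a stand-in built from HMAC-SHA256, not the VIE or Continuum algorithm; the 4-byte ID header, the sample payloads and all names are assumptions.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not a real session key


def keystream(key, label, offset, length):
    """Stand-in generator: HMAC-SHA256(key, label || block index), read from offset."""
    out, block = bytearray(), offset // 32
    while len(out) < offset % 32 + length:
        out += hmac.new(key, label + struct.pack(">Q", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[offset % 32:offset % 32 + length])


def xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))


class ContinuousStream:
    """One keystream running across all packets; position follows bytes processed."""

    def __init__(self, key):
        self.key, self.pos = key, 0

    def process(self, data):
        out = xor(data, keystream(self.key, b"stream", self.pos, len(data)))
        self.pos += len(data)
        return out


def seal(key, seq, payload):
    """Prefix a cleartext 4-byte packet ID and key the stream on it (hypothetical framing)."""
    header = struct.pack(">I", seq)
    return header + xor(payload, keystream(key, header, 0, len(payload)))


def open_packet(key, packet):
    header, body = packet[:4], packet[4:]
    return struct.unpack(">I", header)[0], xor(body, keystream(key, header, 0, len(body)))


def demo():
    payloads = [b"position update", b"chat: hello", b"weapon fired"]  # constructed
    arrival = [1, 0, 2]  # the network delivers packet 1 before packet 0

    tx, rx = ContinuousStream(KEY), ContinuousStream(KEY)
    wire = [tx.process(p) for p in payloads]
    continuous_ok = [rx.process(wire[i]) == payloads[i] for i in arrival]

    wire = [seal(KEY, seq, p) for seq, p in enumerate(payloads)]
    received = dict(open_packet(KEY, wire[i]) for i in arrival)
    per_packet_ok = [received[seq] == p for seq, p in enumerate(payloads)]
    return continuous_ok, per_packet_ok


if __name__ == "__main__":
    print(demo())
```

With the continuous stream, the third packet decrypts again only because the same number of bytes had been consumed by then; a lost packet would leave the stream out of step for the rest of the session. With the per-packet form, a packet ID must never be reused under one key, since that repeats the keystream.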

Mine GO BOOM
Hunch Hunch
What What

Age: 42
Gender: Male
Joined: Aug 01 2002
Posts: 3616
Location: Las Vegas

Posted: Wed Apr 28, 2004 10:00 am

Qndre wrote:
Someone told me that CONT also changes the "scrty1" after some time or after some bytes sent. Client has to send the new key about 20 packets before it's used and server should use it if this "key-latency-period" (20 packets or so) is over.
...
CONT also changes the key in-session. And the encryption is not bad only because it does. But changing the key will prevent it from being calculated using a known-plaintext attack (feedback doesn't really prevent keys from being attacked).

What did you learn from the last time? Don't trust what everyone says 100%. Whoever told you this knows very little about the encryption Continuum uses. I suggest you look into this a bit more, and you'll see that Continuum in fact uses the same key the whole time, and doesn't change as long as you're connected. Granted, the server key may change if you restart the zone, but the server/client key does not change while you are connected.

Want real evidence? Log the packets that go around, and enter a zone that does not have reliable public messages (important!). This way, you can send the same packet twice, at different time intervals. So, type "Hello" and see that packet (or to make it easier to find, make it a nice and long message so you only have to find the 100+ byte packet). Now do some other things, and send that same message. The encrypted packet is the same.

Note this doesn't work for other packet types, because the data that is being encrypted isn't consistent over two intervals: either the timestamp changes (positions) or the reliable ID changes. This does work for laggy clients, ones which will send the same position packet twice over a small delay, but this won't help prove your key-changing question.

Mr Ekted
Movie Geek

Gender: Male
Joined: Feb 09 2004
Posts: 1379

Posted: Wed Apr 28, 2004 11:21 am

It is possible to design an encryption algorithm that can be restarted at the beginning of every UDP packet, that is also very resistant to plain text attack. Think about the way hashes work: every bit of the input affects every bit of the output.

One of the easiest ways to see how bad VIE encryption is, is to send 2 almost similar text messages and look at the encrypted packets. Like:

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab

You will see that only the last byte of the packet is different, and only different by 1 bit as expected. This is very poor. With a good algorithm, the above 2 text messages would encrypt to completely different "streams" and be unrecognizable from each other.
Back to top
View users profile Send private message Add User to Ignore List
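
Both packet-capture tests from this thread (sending the same message twice, and sending two messages that differ only in the last character), written as a probe that can be run against any encrypt function. This is an added example, not code from the thread or from any Subspace component: `weak_encrypt` is a constructed stand-in that restarts one fixed keystream for every packet, not the VIE algorithm, and `nonce_encrypt`, the SHAKE-256 keystream and all names are assumptions made for the comparison.

```python
import hashlib
import itertools

KEY = b"constructed-demo-key"   # constructed sample key
MSG_A = b"a" * 41               # the two near-identical messages from the post
MSG_B = b"a" * 40 + b"b"


def xor(data, ks):
    return bytes(x ^ y for x, y in zip(data, ks))


def weak_encrypt(plaintext):
    """The weakness under discussion: the same keystream restarts for every packet."""
    return xor(plaintext, hashlib.shake_256(KEY).digest(len(plaintext)))


_counter = itertools.count()


def nonce_encrypt(plaintext):
    """Same XOR construction, but the keystream also depends on a cleartext packet counter."""
    nonce = next(_counter).to_bytes(8, "big")
    return nonce + xor(plaintext, hashlib.shake_256(KEY + nonce).digest(len(plaintext)))


def differing_bytes(c1, c2):
    return [i for i, (x, y) in enumerate(zip(c1, c2)) if x != y]


def probe(encrypt, header_len=0):
    """Run both tests and report what a passive observer of the traffic learns."""
    first = encrypt(MSG_A)[header_len:]
    second = encrypt(MSG_A)[header_len:]
    near = encrypt(MSG_B)[header_len:]
    return {
        # Same message sent twice: identical ciphertext means the keystream repeated.
        "repeat_is_identical": first == second,
        # Near-identical messages: which ciphertext bytes differ.
        "differing_positions": differing_bytes(first, near),
        # If the keystream cancels out, c1 XOR c2 equals p1 XOR p2.
        "xor_leaks_plaintext_diff": xor(first, near) == xor(MSG_A, MSG_B),
    }


if __name__ == "__main__":
    print("fixed keystream:", probe(weak_encrypt))
    print("per-packet nonce:", probe(nonce_encrypt, header_len=8))
```

Passing both probes says nothing about key size or tampering; a cipher can pass them and still fall to exhaustive key search.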

Qndre
Server Help Squatter

Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Wed Apr 28, 2004 11:28 am

Mine GO BOOM wrote:

[..]
What did you learn from the last time? Don't trust what everyone says 100%. Whoever told you this knows very little about the encryption Continuum uses. I suggest you look into this a bit more, and you'll see that Continuum in fact uses the same key the whole time, and doesn't change as long as you're connected.
[..]

Right. "scrty1" doesn't change either... My chat-friend just found some code/data inside CONT which could be able to do so. But he wasn't sure if this code is used. Since I think you are very sure about that the key doesn't change, I'll try to do more "research" on that "constant" key.

Mr Ekted wrote:

It is possible to design an encryption algorithm that can be restarted at the beginning of every UDP packet, that is also very resistant to plain text attack. Think about the way hashes work: every bit of the input affects every bit of the output.

Such algorithms are very difficult to create. You need to hide the encryption key to decrypt the data somewhere within the data itself (so that it can be calculated out of the data) because sending a key through an encrypted connection means that everyone who knows the current key will know the other key as well. I guess the best way is to make the keystream generator and encryption algorithm strong enough so that a key change isn't required and so that it would take ages to calculate the key using a known-plaintext attack. Maybe a new kind of feedback that spans over much of the data and changes with the data itself or so.
_
Sorry for bringing this thread so far off topic. It was once a server question about friction.

Cyan~Fire
I'll count you!

Age: 38
Gender: Male
Joined: Jul 14 2003
Posts: 4608
Location: A Dream

Posted: Wed Apr 28, 2004 4:40 pm

You know, if your encryption is good enough, you don't need to change the key.

Qndre wrote:
My chat-friend just found some code/data inside CONT which could be able to do so. But he wasn't sure if this code is used.

Your chat friends in the past have turned out to be liars. Don't trust them.

Jackmn
Newbie

Joined: Apr 02 2004
Posts: 13

Posted: Wed Apr 28, 2004 8:42 pm

Why not just use a cipher that's generally accepted to be secure?

Something like RC4, working with the Diffie-Hellman key exchange and key signing.

Ultimately the best option is just to use a tried-and-true encryption library; then you don't have to worry about encryption security.

At any rate, it's extremely unlikely that you will iron out a bullet-proof encryption system on your own in your free time. Entire teams of mathematicians and programmers can take years to do that.

Mr Ekted
Movie Geek

Gender: Male
Joined: Feb 09 2004
Posts: 1379

Posted: Wed Apr 28, 2004 11:02 pm

Also, if your algorithm is greater than 56-bit symmetric key, and you plan on having it available (download source or binaries) on servers in the US, you basically need NSA "permission". This is seriously fucked up, but it's true.

Mine GO BOOM
Hunch Hunch
What What

Age: 42
Gender: Male
Joined: Aug 01 2002
Posts: 3616
Location: Las Vegas

Posted: Wed Apr 28, 2004 11:19 pm

Mr Ekted wrote:
Also, if your algorithm is greater than 56-bit symmetric key, and you plan on having it available (download source or binaries) on servers in the US, you basically need NSA "permission". This is seriously fucked up, but it's true.

Link to source, such as a newspaper, congress online, or on NSA's site?

Mr Ekted
Movie Geek

Gender: Male
Joined: Feb 09 2004
Posts: 1379

Posted: Wed Apr 28, 2004 11:48 pm

http://www.bxa.doc.gov/encryption/default.htm

It's really cryptic stuff, but everyone I've asked interprets it basically the same way.

Qndre
Server Help Squatter

Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Thu Apr 29, 2004 10:11 am

Mr Ekted wrote:
Also, if your algorithm is greater than 56-bit symmetric key, and you plan on having it available (download source or binaries) on servers in the US, you basically need NSA "permission". This is seriously fucked up, but it's true.

1. I am coming from Germany. Here are also some laws which no one needs and which get annoying but you are allowed to develop and use strong cryptography here (not sure but why shouldn't you?).

2. Do you think that VIE had a permission for their encryption (520 byte - 4160 bit) or Priit has a permission for his encryption (2x 80 byte - 1280 bit (2x because there is a 80 byte (640 bit) key for S2C and a 80 byte (640 bit) key C2S))?

Mine GO BOOM
Hunch Hunch
What What

Age: 42
Gender: Male
Joined: Aug 01 2002
Posts: 3616
Location: Las Vegas

Posted: Thu Apr 29, 2004 12:10 pm

Qndre wrote:
Do you think that VIE had a permission for their encryption (520 byte - 4160 bit) or Priit has a permission for his encryption (2x 80 byte - 1280 bit (2x because there is a 80 byte (640 bit) key for S2C and a 80 byte (640 bit) key C2S))?

VIE uses only a 4 byte encryption. Priit helped with creating Kazaa, and thus I'm pretty sure he wouldn't care about US laws at all either. Even so, Continuum still uses only a 4 byte key. Still wondering where you get your numbers...

Qndre
Server Help Squatter

Gender: Male
Joined: Jan 25 2004
Posts: 295

Posted: Thu Apr 29, 2004 3:41 pm

Mine GO BOOM wrote:
[..]
VIE uses only a 4 byte encryption.
[..]
Still wondering where you get your numbers...

It's the length of the keySTREAM (not of the key).

Dr Brain
Flip-flopping like a wind surfer

Age: 39
Gender: Male
Joined: Dec 01 2002
Posts: 3502
Location: Hyperspace

Posted: Thu Apr 29, 2004 4:58 pm

Yet again Qndre decides to reply to something totally unrelated.
_________________
Hyperspace Owner

Smong> so long as 99% deaths feel lame it will always be hyperspace to me

Mr Ekted
Movie Geek

Gender: Male
Joined: Feb 09 2004
Posts: 1379

Posted: Thu Apr 29, 2004 5:01 pm

Qndre, it's the length of the key. If a 32-bit key creates the keystream, then there are only 2^32 possible keystreams. That is the point. This can be brute-forced by any desktop system in less than an hour if you know the algorithm.

Server Help Forum Index -> ASSS Questions. All times are GMT - 5 Hours.
Page 2 of 3

 