[MUD-Dev] Trusting the client, encrypting data
Ola Fosheim Grøstad <olag@ifi.uio.no>
Ola Fosheim Grøstad <olag@ifi.uio.no>
Tue Dec 16 13:19:00 CET 2003
Jessica Mulligan <jessica at mm3d.com> writes:
> one person has a method down, everyone will know it. I remember
> once on UO we spent several weeks rewriting the encryption; it was
> pretty damn good, too. It was broken in less than three days,
> sending something like a man-month of engineering time down in
> flames. I'm sure we can all repeat stories similar stories.
I don't have any course on crypto, but I can't see how the
encryption itself could fail provided that you design for it. If
common headers are a problem, then avoid them. For instance
huffman-encode them and put them in a dictionary, which is a good
idea anyway, (make every single bit count) and send the packets in
random order making predictions about content useless. (or possibly
prefix with a random length string of noise)
What went technically wrong in the UO case?
> If you do come up with a method that works reliably and stays
> unbroken, you'll be a very rich and sought-after man and American
> women will want to have your babies.
Unbroken is relative though. If it takes 1 year to break the key on
one PC then you pretty much have what you want.
(Not sure I would trust a team recruited for doing games with crypto
stuff though. You have to nitpick and take the time required...)
--
Ola - http://folk.uio.no/olag/
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev
More information about the mud-dev-archive
mailing list