[MUD-Dev] SSH Encryption on data stream

Mike Shaver shaver at off.net
Fri Oct 10 15:28:32 CEST 2003


On Oct 10, Craig H Fry wrote:

> So many games are plagued by packet sniffers I often wondered why
> more companies didn't do a per-session SSH encryption on the data
> stream.  Has anyone tried or is it just assumed the overhead for
> packet encryption/decryption would cause a bottleneck?  I'm
> seriously considering using SSH for data encryption for my data
> streams and was curious if it is worth looking into.

I wouldn't think that SSH would be a very good fit here; I don't
know of any API exposed other than the TCP socket-forwarding one,
and then you run into the pain of TCP-over-TCP and the exacerbated
effects of packet loss that comes with it.

SSL (via OpenSSL or Mozilla's NSS or something similar) would seem a
much better fit, though I'm not sure how well they work on datagram
setups.  If nothing else, the OpenSSL libraries provide decent
implementations of your core cryptographic operations, though I feel
compelled to advise -against- building your own cryptographic
infrastructure.  It's a sucker's game, given the ease with which a
simple error in key management or cipher chaining can render the
entire system useless, and one that should be avoided in favour of
reusing an existing system in toto, if that option is at all
available.

Mike
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev
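
An added illustration of the "simple error in key management or cipher chaining" point in the reply above; it is not code from the original post or from OpenSSL. The home-made stream cipher, the function names, the session key and the packets are all constructed for this example. It shows that restarting the keystream for every packet exposes other packets to anyone who holds one known packet, and that numbering the packets still leaves the stream modifiable in transit.

```python
import hashlib

def keystream(session_key: bytes, length: int, packet_no: int = 0) -> bytes:
    """Home-made keystream: SHA-256 over key, packet number and block counter."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(session_key + packet_no.to_bytes(8, "big")
                              + block.to_bytes(8, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def encrypt_flawed(session_key: bytes, packet: bytes) -> bytes:
    # Chaining error: every packet starts again at keystream position zero.
    return xor(packet, keystream(session_key, len(packet)))

def encrypt_numbered(session_key: bytes, packet: bytes, packet_no: int) -> bytes:
    # Each packet gets its own keystream; XOR is its own inverse, so this
    # function also decrypts. There is still no integrity check.
    return xor(packet, keystream(session_key, len(packet), packet_no))

def exposed_by_known_packet(c_known: bytes, p_known: bytes, c_other: bytes) -> bytes:
    """What a holder of one known packet can compute about another packet."""
    return xor(xor(c_known, p_known), c_other)

# Constructed sample data, not taken from any real game protocol.
SESSION_KEY = b"constructed-session-key-0001"
BANNER = b"WELCOME TO THE EXAMPLE MUD SERVER"   # predictable server greeting
CHAT = b"tell bob meet at the north gate"       # private player message

def demo():
    # 1. Flawed chaining: the known banner exposes the private packet.
    flawed = exposed_by_known_packet(encrypt_flawed(SESSION_KEY, BANNER), BANNER,
                                     encrypt_flawed(SESSION_KEY, CHAT))
    # 2. Per-packet numbering: the same computation yields only noise.
    c_chat = encrypt_numbered(SESSION_KEY, CHAT, 2)
    numbered = exposed_by_known_packet(encrypt_numbered(SESSION_KEY, BANNER, 1),
                                       BANNER, c_chat)
    # 3. No integrity: one flipped ciphertext bit decrypts without any error.
    tampered = bytes([c_chat[0] ^ 0x01]) + c_chat[1:]
    return flawed, numbered, encrypt_numbered(SESSION_KEY, tampered, 2)

if __name__ == "__main__":
    for label, value in zip(("flawed", "numbered", "tampered"), demo()):
        print(label, value)
```

An existing protocol such as SSL/TLS handles both the per-record keystream separation and the integrity check that this sketch lacks.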