[Home] [Groups] - Message: [Prev in Group] [Next in Group]
28826: Re: [MUD-Dev] Trusting the client, encrypting data
[Full Header] [Plain Text]
From: "Ola Fosheim Grøstad" <olag@ifi.uio.no>
Newsgroups: nu.kanga.list.mud-dev
Date: Tue, 16 Dec 2003 13:19:00 +0100
References: [1]
Organization: Kanga.Nu
Jessica Mulligan <jessica@mm3d.com> writes:
> one person has a method down, everyone will know it. I remember
> once on UO we spent several weeks rewriting the encryption; it was
> pretty damn good, too. It was broken in less than three days,
> sending something like a man-month of engineering time down in
> flames. I'm sure we can all repeat stories similar stories.
I don't have any course on crypto, but I can't see how the
encryption itself could fail provided that you design for it. If
common headers are a problem, then avoid them. For instance
huffman-encode them and put them in a dictionary, which is a good
idea anyway, (make every single bit count) and send the packets in
random order making predictions about content useless. (or possibly
prefix with a random length string of noise)
What went technically wrong in the UO case?
> If you do come up with a method that works reliably and stays
> unbroken, you'll be a very rich and sought-after man and American
> women will want to have your babies.
Unbroken is relative though. If it takes 1 year to break the key on
one PC then you pretty much have what you want.
(Not sure I would trust a team recruited for doing games with crypto
stuff though. You have to nitpick and take the time required...)
--
Ola - http://folk.uio.no/olag/
_______________________________________________
MUD-Dev mailing list
MUD-Dev@kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev