advanced admin and user authentication

vsteiss at web.de vsteiss at web.de
Thu Mar 29 10:21:13 EDT 2007


Hello,

I have a question regarding this comment in bug#3019.
https://bugzilla.icculus.org/show_bug.cgi?id=3019:
>>>>
(In reply to comment #13)
> Configurable prefix used to compute the MD5 serving as a GUID will still be a
> security hole. The only difference is that the attacker will first have to join
> the server it wants to hack to record the prefix used there before configuring
> his own server with the same prefix value.
> 
> As it is now, it is still possible to hack the system ( although highly
> unlikely ) if you can use a tool like tcpdump to capture the packets between
> your victim and the server. Although greatly limited over the internet, such
> hack method can still be used in more constrained environments like a big LAN
> sharing a single internet connection.
> 
> A good solution which wouldn't involve changing the client and the server too
> much consists in using the Diffie-Hellman key agreement system. Such a system
> is considered secure against eavesdroppers as long as the keys are carefully
> chosen. And that way, server operators can still share a single server key
> between many servers and change the server IP.
> 
> http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
> 
> Although the page says to discard a and b in the end, we want to keep them here
> since they are the new qkeys.
> 
> And for the implementation, you say? What about libcrypto, part of OpenSSL?
> http://www.openssl.org/docs/crypto/dh.html

I don't see how we can add any type of key exchange protocol without breaking
the game protocol.  Breaking the game protocol conflicts with ioq3 goals I
think.
[...]
<<<<

As it was closed with >>I'm closing this bug, the keying stuff
belongs in a new "enhancement" ticket I guess.<< my question is:
Is there any work in progress to make an advanced secure authentication?


Regards
  Beselius
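
The Diffie-Hellman idea proposed in the quoted bug comment, as an added example that is not part of the original message or of ioquake3: both sides keep long-term keys and the GUID is derived from the shared secret, with a server nonce so that a captured login cannot be reused. The function names, the HMAC labels, the nonce step and the choice of the RFC 3526 2048-bit group are assumptions.

```python
# Added illustration; names and message layout are assumptions, not ioq3 code.
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP safe prime), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2  # long-term exponent in [2, P-2]
    return priv, pow(G, priv, P)

def shared_secret(my_priv, peer_pub):
    if not 2 <= peer_pub <= P - 2:  # 0, 1 and P-1 would force a known secret
        raise ValueError("invalid public value")
    return hashlib.sha256(pow(peer_pub, my_priv, P).to_bytes(256, "big")).digest()

def guid(secret):
    # Derived from the shared secret, so it differs for every server key.
    return hmac.new(secret, b"guid", hashlib.sha256).hexdigest()[:32]

def prove(secret, nonce):
    # Client's answer to the server's fresh nonce; it fails for any other nonce.
    return hmac.new(secret, b"auth" + nonce, hashlib.sha256).digest()

def server_login(server_priv, client_pub, nonce, proof):
    """Return the GUID if the proof matches this nonce, else None."""
    secret = shared_secret(server_priv, client_pub)
    ok = hmac.compare_digest(prove(secret, nonce), proof)
    return guid(secret) if ok else None

def demo():
    c_priv, c_pub = keypair()  # client's long-term key
    s_priv, s_pub = keypair()  # key an operator shares across servers
    o_priv, o_pub = keypair()  # a different operator's server
    n1, n2, n3 = (secrets.token_bytes(16) for _ in range(3))
    proof = prove(shared_secret(c_priv, s_pub), n1)
    first = server_login(s_priv, c_pub, n1, proof)
    replayed = server_login(s_priv, c_pub, n2, proof)  # captured proof, new nonce
    other = server_login(o_priv, c_pub, n3, prove(shared_secret(c_priv, o_pub), n3))
    return first, replayed, other
```

`demo()` returns a GUID for the genuine login, `None` for the reused proof, and a different GUID on the server that holds another key.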
