EvenBalance PB support for ET ended (and consequences)

Discussion Forum for Jaymod
hellreturn
Spawn Camper
Posts: 131
Joined: Sun Nov 09, 2008 8:17 pm

Re: EvenBalance PB support for ET ended (and consequences)

Post by hellreturn » Sun Oct 30, 2011 8:37 am

Maybe Windows product key based :P I guess they are unique from Win XP to Win 7.

jaybird
Jaymod Developer
Posts: 2733
Joined: Thu Feb 24, 2005 12:27 pm
Location: San Antonio, TX

Re: EvenBalance PB support for ET ended (and consequences)

Post by jaybird » Mon Oct 31, 2011 10:46 am

Ligustah wrote:
> jaybird wrote:
>> Public/private key couldn't work. That setup is to establish trust between two trustworthy parties. In ET's case, the client can not be trusted at all and there is no authority
> Then I don't see why anyone would use public/private keys.
> I thought it might work like this: the client sends his public key to the server, the server will send a challenge to the client that can only be solved with the private key. The server can then "deduce" the GUID from the public key.
>
> Anything wrong with my idea? (I'm really not sure, I just read something like that)

Whose private key? Keys are made in pairs, and a private key must not EVER be transmitted over the line, or else it's not private anymore. So client sends their public key, and what else? What is the server supposed to do with that key? I'm not really following your suggestion. Even then, you're treating the client as someone who is worthy of trust, and a client is NEVER EVER worthy of trust.

Ligustah
Panzer n00b
Posts: 66
Joined: Wed Apr 13, 2011 9:03 am

Re: EvenBalance PB support for ET ended (and consequences)

Post by Ligustah » Mon Oct 31, 2011 4:04 pm

The way I understand things, when a client generates a key pair, he can freely distribute the public key, so that anybody can encrypt messages with it. However, only the private key can be used for decryption.

So, basically, the client sends his public key and the server generates a challenge that can only be decrypted with the (secret) private key. That way the server can verify that the client in question is the "owner" of the public key he sent.

This, of course, does not prevent someone from generating new keys, it does however prevent people from taking other people's identities (which is a well known problem these days), if I am not mistaken.

It's like a CD key that a client can generate on its own.

Also, if your concern is that people are able to generate their own keys with this, well, they would be anyways. As you said, you can never trust the client, no matter how complicated the system is, but public/private keys would at least allow for verification of the claimed identity.


(I'd like to mention again, that I am not some sort of crypto-specialist, I just read a lot :P
I think what I described is about how SSH authentication with public keys works, but I am not sure about that)

jaybird
Jaymod Developer
Posts: 2733
Joined: Thu Feb 24, 2005 12:27 pm
Location: San Antonio, TX

Re: EvenBalance PB support for ET ended (and consequences)

Post by jaybird » Mon Oct 31, 2011 4:23 pm

What you describe is correct. The problem may not have a perfect solution, but I have a hard time buying one that allows the client to generate IDs at will. I also don't think giving the client and server an encrypted handshake actually does any good. Encryption exists only to hide the data from prying eyes. ET doesn't even use the features of TCP to ensure packet delivery - I don't know why we'd care if people intercepted game packets.

I think you have encryption confused with identity. A widely used example of both of these is the use of SSL certifications. The private/public key encryption garbles the data being sent between the two parties so other people snooping on the wire can not see the contents of the packets. Identity is only offered for the server - all SSL keys are signed by some issuing certificate authority (even if it is self signed). The client knows whether to trust the server based on if the public cert it received has the signature of an authority the client trusts. The server does not have a means to identify the user based on the certificates, so web applications must provide their own means of identifying a user (hence why we have logins all over the web).

What ET needs at this point is identification, not encryption. That's what PB's GUIDs provided, even though it was pointless because of the lack of a real cd key to base the GUID on. We have the opportunity to solve that problem. It may not be perfect, but it can certainly be better than what PB gave us.

Ligustah
Panzer n00b
Posts: 66
Joined: Wed Apr 13, 2011 9:03 am

Re: EvenBalance PB support for ET ended (and consequences)

Post by Ligustah » Mon Oct 31, 2011 5:29 pm

I don't think that what PB offered was any good. First of all I could have got a new GUID simply by running a command in the game console. The second thing is/was that the server trusts the client with the GUID calculation, which makes spoofing GUIDs possible with just a few lines of code.

That's why I thought a cryptographic solution, where the client can actually prove that he owns the GUID he tries to identify with, would be better.

I think we were somewhat talking past each other there, but I see your concern with the client being able to generate his own IDs.

I've been running Jaymod servers for quite some years now, and I have hardly ever had problems with people getting new GUIDs (e.g. to circumvent bans). What really annoyed me was that it was so easy to steal someone's identity just by changing a single cvar. That did cause quite a few problems.


My point is: whatever solution is implemented, please make the client prove that he owns the GUID he claims to have (that is where I thought public/private keys would come along).

EDIT:
I never meant the keys to be used for decryption of game packets. I thought it could work like this:

    C->S: insert public key here
    S->C: use public key to encrypt a random challenge string
    C->S: use private key to decrypt and send back the decrypted challenge
    Server: compare strings to see if the client owns the correct private key,
            generate a shorter GUID from the public key

The encryption is only used to let the client prove he can decrypt the challenge (which he can do only if he has the private key => spoofing becomes a cryptographic problem)
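
The challenge-response exchange sketched in the post above, as an added example that is not part of the original thread or of Jaymod. It uses Node.js's built-in crypto module with RSA-OAEP; the function names, the 2048-bit key size and the 32-hex-character GUID length are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Client: key pair generated once; the private key never leaves the client.
function newClientIdentity() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { privateKey, publicDer: publicKey.export({ type: 'spki', format: 'der' }) };
}

// Server: short GUID derived from the public key (assumed format: 32 hex chars).
function guidFromPublicKey(publicDer) {
  return crypto.createHash('sha256').update(publicDer).digest('hex').slice(0, 32).toUpperCase();
}

// S->C: encrypt a fresh random challenge to the public key the client sent.
function issueChallenge(publicDer) {
  const key = crypto.createPublicKey({ key: publicDer, format: 'der', type: 'spki' });
  const nonce = crypto.randomBytes(32); // new per connection, so replays fail
  return { nonce, ciphertext: crypto.publicEncrypt(key, nonce) }; // OAEP by default
}

// C->S: only the holder of the matching private key can recover the challenge.
function answerChallenge(privateKey, ciphertext) {
  try {
    return crypto.privateDecrypt(privateKey, ciphertext);
  } catch {
    return Buffer.alloc(0); // wrong key: OAEP decryption fails
  }
}

// Server: constant-time compare; the GUID is granted only on a correct answer.
function verifyAnswer(publicDer, nonce, answer) {
  const ok = answer.length === nonce.length && crypto.timingSafeEqual(answer, nonce);
  return ok ? guidFromPublicKey(publicDer) : null;
}

// Constructed scenario: an honest client, then someone claiming its public key.
function demo() {
  const owner = newClientIdentity();
  const impostor = newClientIdentity();
  const c1 = issueChallenge(owner.publicDer);
  const c2 = issueChallenge(owner.publicDer);
  return {
    owner: verifyAnswer(owner.publicDer, c1.nonce, answerChallenge(owner.privateKey, c1.ciphertext)),
    impostor: verifyAnswer(owner.publicDer, c2.nonce, answerChallenge(impostor.privateKey, c2.ciphertext)),
  };
}

console.log(demo());
```

As the thread notes, this only proves ownership of the GUID being claimed; a client can still generate a new key pair and so obtain a new GUID.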

panthro
Server n00b
Posts: 12
Joined: Mon Apr 04, 2011 8:07 pm

Re: EvenBalance PB support for ET ended (and consequences)

Post by panthro » Mon Nov 07, 2011 4:10 pm

You know how ETPRO GUIDs are generated?
Would like to do something?
Could be new GUID = MAC address?

Ligustah
Panzer n00b
Posts: 66
Joined: Wed Apr 13, 2011 9:03 am

Re: EvenBalance PB support for ET ended (and consequences)

Post by Ligustah » Mon Nov 07, 2011 6:01 pm

If I am not mistaken, etpro GUIDs are easily spoofed as well.

vicios
Server n00b
Posts: 1
Joined: Fri Jan 13, 2012 6:49 pm

Re: EvenBalance PB support for ET ended (and consequences)

Post by vicios » Tue Jun 26, 2012 2:07 am

Hello, if can not publish other websites, my question is this, though no date of delivery of the new version of Jaymod, I wonder if will come with the creation of Etkey,

Jaybird, and if this issue is not disturbed, how it could add a paragraph or other pk3 Generate GUID from the server or from Jaymod As in the other mod?

http://forums.warchestgames.com/showthr ... -guid-code

The problem is that there are fewer players in Jaymod, players prefer to go to another mod with the Guid creation system and Jaymod server is running low in comparison with the other mod, when superior always was, and still lose Jaymod players, and if the server is PB-on losses are adding more than half the problems of Etkey, Pb-update, in 2 months we went from the top 50 to 123 with new versions with mod creators guid

I also like to know how I can do, Jaymod server, download a file and send it to the folder PB client for auto-updating PB from the Pb-on server

Apart from this, I wanted to thank the Great work that has been doing Years for community ET

Greetings and thanks