PP (of sorts): Ed25519 Authentication #51
Comments
I had looked into a design here too a while back. I can try to find my notes again but it avoids a few pitfalls that this is vulnerable to, like a malicious server A replaying a nonce received from server B to receive an authenticated connection. In general, you can't really solve that without distributing server keys to users too, which makes things a bit more involved than your proposal.
In that case, I think adding the address to the signature should help.
The source has been updated to include that.
Never mind about that, looks like I forgot the possibility of connecting from the LAN.
Perhaps if the address is also sent in plain-text and checked to be valid, it could work.
Maybe I could take inspiration from SSH?
Well, I know one way to make it work, but we would have to add encryption to the protocol.
The solution I ended up with was using the server list protocol to send the server keys out-of-band and to derive new client keys per server for security and privacy. But that was part of a more general user authentication scheme, I think things could be simplified from that if one accepts just putting pubkeys in the config like with ssh. Having some way to encrypt/sign messages would be desirable in general to prevent an attacker on the same network from e.g. injecting malicious commands into the connection, but I think in this day and age of 99% online play over public networks that are unlikely to care about a block game, I think that's an acceptable risk.
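An added example (not code from this issue or from libspades) showing the two ideas raised above in working form: the nonce-relay pitfall from the first comment, and the per-server client keys from the last one. It uses Go's standard `crypto/ed25519` rather than libsodium, and it assumes the client already knows each server's public key out of band (from a server list or pinned in its config, as discussed). The `authTag` domain tag, the HMAC-SHA256 key derivation, and all function names are assumptions of this example, not part of the proposal.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Domain-separation tag for the handshake (an assumption of this example, not
// part of the issue's proposal): it stops a handshake signature from being
// valid as any other kind of signed message.
const authTag = "ed25519-auth-example-v0"

// ChallengeMessage builds the bytes the client signs. Including the server's
// own public key binds the signature to that server, which is the check that
// defeats the relay: a nonce forwarded by malicious server A is signed under
// A's key, so honest server B will not accept it.
func ChallengeMessage(serverPub ed25519.PublicKey, nonce []byte) []byte {
	var b bytes.Buffer
	b.WriteString(authTag)
	b.Write(serverPub)
	b.Write(nonce)
	return b.Bytes()
}

// ClientSign answers a server's challenge with the client's identity key.
func ClientSign(priv ed25519.PrivateKey, serverPub ed25519.PublicKey, nonce []byte) []byte {
	return ed25519.Sign(priv, ChallengeMessage(serverPub, nonce))
}

// ServerVerify checks the answer against the client public key the server
// knows and the server's own public key (never one supplied by the peer).
func ServerVerify(clientPub, serverPub ed25519.PublicKey, nonce, sig []byte) bool {
	return ed25519.Verify(clientPub, ChallengeMessage(serverPub, nonce), sig)
}

// NonceOnlyVerify is the unbound form the thread warns about: the server
// checks a signature over the bare nonce, so the same signature is valid for
// whichever server originally issued that nonce.
func NonceOnlyVerify(clientPub ed25519.PublicKey, nonce, sig []byte) bool {
	return ed25519.Verify(clientPub, nonce, sig)
}

// DeriveServerKey gives the client a distinct identity per server, derived
// from one master seed as HMAC-SHA256(masterSeed, label || serverPub). This
// derivation is an assumption of the example, not the issue's scheme. Two
// servers see unrelated public keys, so they cannot correlate the player,
// while the same server always sees the same key.
func DeriveServerKey(masterSeed []byte, serverPub ed25519.PublicKey) ed25519.PrivateKey {
	mac := hmac.New(sha256.New, masterSeed)
	mac.Write([]byte("per-server client key"))
	mac.Write(serverPub)
	return ed25519.NewKeyFromSeed(mac.Sum(nil)) // SHA-256 output is exactly the 32-byte seed
}

// RelayScenario walks through the pitfall with fixed, constructed keys and
// nonce so the run is reproducible (real deployments draw these from
// crypto/rand). It returns whether the honest login verifies, whether the
// relayed signature is accepted by the bound protocol, and whether it is
// accepted by the nonce-only protocol.
func RelayScenario() (honestOK, boundRelayOK, nonceOnlyRelayOK bool) {
	clientPriv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x01}, 32))
	clientPub := clientPriv.Public().(ed25519.PublicKey)
	serverAPub := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x0A}, 32)).Public().(ed25519.PublicKey)
	serverBPub := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x0B}, 32)).Public().(ed25519.PublicKey)
	nonce := bytes.Repeat([]byte{0x42}, 32) // constructed; issued by honest server B

	// Honest login: the client connects to B (whose key it learned out of band)
	// and signs B's challenge bound to B's key.
	honestOK = ServerVerify(clientPub, serverBPub, nonce, ClientSign(clientPriv, serverBPub, nonce))

	// Relay: the client connects to A; A forwards B's nonce as its own. The
	// client binds its answer to A's key, the server it believes it is talking
	// to. A then presents that answer to B, and B's check fails.
	relayedSig := ClientSign(clientPriv, serverAPub, nonce)
	boundRelayOK = ServerVerify(clientPub, serverBPub, nonce, relayedSig)

	// Same relay under the nonce-only protocol: the signature carries no
	// server identity, so B has nothing to distinguish it from a direct login.
	nonceOnlyRelayOK = NonceOnlyVerify(clientPub, nonce, ed25519.Sign(clientPriv, nonce))
	return honestOK, boundRelayOK, nonceOnlyRelayOK
}

func main() {
	honest, boundRelay, nonceRelay := RelayScenario()
	fmt.Printf("honest login: %v; relayed signature accepted (bound): %v, (nonce-only): %v\n",
		honest, boundRelay, nonceRelay)
	seed := bytes.Repeat([]byte{0x07}, 32) // constructed master seed
	a := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x0A}, 32)).Public().(ed25519.PublicKey)
	b := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x0B}, 32)).Public().(ed25519.PublicKey)
	fmt.Printf("per-server client pubkeys differ: %v\n",
		!bytes.Equal(DeriveServerKey(seed, a).Public().(ed25519.PublicKey),
			DeriveServerKey(seed, b).Public().(ed25519.PublicKey)))
}
```

The key point is in `ServerVerify`: the server reconstructs the message from its own key, not from anything the peer sent, so the only way a signature verifies is if the client deliberately produced it for this server. Binding a network address instead of a key runs into the LAN and NAT cases raised above, which is why the example binds the server's public key.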
That does create issues when a player attempts to join a server that is not listed, or maybe join from the LAN. With a simple encryption method (or possibly even by signing all packets) however, I do not see a way for a middleman to authenticate to a server with the client's key and also send/receive packets as the client. There are only two things that I can see the middleman doing:
In addition, it may be worth disallowing other servers on the serverlist from connecting to each other, as long as their IP addresses are not in use by a real player.
Do C source files count? Well here's one anyway.
Also, I have made an implementation already for both the client and server parts of my libspades project, and it seems to work well enough. My MitM proxy and server programs use libsodium for the cryptography.