Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>I ended up also posting on sci.crypt and I'll try to summarize the suggested changes (as far as I understand them) below in case it might be of interest.</p> <p><strong>Step 1: Client sends a HTTPS request to the login server with credentials</strong></p> <p>Assuming that the credentials take the form of a login token, also add a self-assigned unique id.</p> <p><strong>Step 3: The user information + RC4 session + timestamp + digest</strong></p> <p>Use an encryption algorithm that ensures integrity, instead of using a digest explicitly. E.g. AES-GCM or AES-CCM. Add the extra id field in step 1. Add the ip to the game server as well.</p> <p><strong>Step 4: The packaged data + RC4 session encryption key + ip address to the game server is sent as a reply.</strong></p> <p>Giving the timestamp to the client will allow the client to know when the session has expired. This avoids unnecessary connects to the game server with expired credentials.</p> <p><strong>Step 5: The client opens a connection to the game server, sends an initial unencrypted hello message with the encrypted user information as a payload.</strong></p> <p>Add the self-assigned id in step 1 unencrypted to the payload.</p> <p><strong>Step 6: The game server unpacks the data packaged in (3). It now knows the user and the RC4 encryption key it is supposed to use.</strong></p> <p>The game server matches both its own ip with the encrypted ip, as well as the encrypted id with the id given by the client. The first prevents the user from going to a different server with the same credentials. </p> <p><strong>Step 8: If everything checks ok, the server sends an unencrypted LOGIN_OK, and the RC4 encrypted communication starts.</strong></p> <p>At this point the game server cannot be sure of the client's identity. Use the session key and encrypt nonce + strictly increasing session id + login success state using AES-GCM/CCM and send it to the client.</p> <p>The client decrypts and checks the login success state. If this is true, then the client knows that the game server knows the session key (GCM/CCM verifies that the packet has not been tampered with). The client returns sid + nonce.</p> <p>The server verifies sid + nonce is the same as the values sent.</p> <p>Finally the client and server creates new session keys by hash-ing the session key with sid + nonce + salt to create the key for the consequent communication, to prevent a possible replay attack.</p> <p><strong>Regarding RC4</strong></p> <p>There are vulnerabilities in RC4, but it probably would suffice for this scheme because of the rather aggressive key rescheduling. However, there are modern ciphers which are more secure and faster, such as Snow 2.0 or Trivium.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload