Cheating Problems with Nexuiz?


Postby KadaverJack » Sat Jul 14, 2007 11:42 pm

Well, there must be other open source projects which are using similar authentication procedures, how are they dealing with US patents?
imho: screw US patents, almost anything seems to be patented: http://www.theregister.co.uk/2004/11/03 ... d_lawsuit/ ;)
KadaverJack
Site admin and forum addon
 
Posts: 1102
Joined: Tue Feb 28, 2006 9:42 pm

Postby tZork » Sun Jul 15, 2007 2:51 am

divVerent wrote:Actually, sorry, I didn't mean instant kill as in hitscan...

just a stronger homing rocket launcher. So you'd lock on your target and shoot, and the target then will die when the rocket hits him (so one hit is always lethal). Maybe slowly (think: poison). And the only way to escape would be turning around a corner so the rocket will slam into a wall and detonate.

Actually, that would not be much different from UT's rocket launcher when you use it to shoot five rockets at a locked target.


Sounds pretty similar to the hagarmod I did for the MoN server. I borrowed the idea from Battlezone2 tho :P It fires a tracer round; if that hits, the weapon releases # guided missiles with some basic avoid-crashing-into-the-world AI. Best way to counter em is to shoot em down with primary hagar fire; that mode is like an AA gun.
HOF:
<Diablo> the nex is a "game modification"
<Diablo> quake1 never had a weapon like that.
<Vordreller> there was no need for anything over 4GB untill Vista came along
<Samua>]Idea: Fix it? :D
<Samua>Lies, that only applies to other people.
tZork
tZite Admin
 
Posts: 1337
Joined: Tue Feb 28, 2006 6:16 pm
Location: Halfway to somwhere else

Postby divVerent » Sun Jul 15, 2007 9:08 am

No, the usual auth server method is flawed, because a malicious server can set the cvar containing the auth server address to send the key there.

Also, when the auth server is down, the game should still work.

Still, there must be a zero knowledge protocol one can use... maybe there IS a RSA based ZK protocol that proves x^e = g mod N. Fiat Shamir actually is free (IIRC) and quite close to that for e = 2, maybe there are no bad security implications when fixing e=2. That is:

Registration:
- User sends nickname to auth server.
- Auth server checks if nick is unique, and if yes, it sends back x = sqrt(H(nick)) mod N (where d is the inverse exponent of 2). As the auth server works as an oracle that would actually "break" the protocol, it has to make sure that it never gives a key for the same nickname. A password may be used to allow requesting the same nick multiple times.

Authentication:
Iterate M times (or parallel with a low iteration count):
- User generates a random number r.
- User sends nickname and R := r^2
- Server sends a random bit b
- User sends y := r x^b
- Server checks if y^2 = R H(nick)^b

Now assume that H() is a safe hash function. Then our attacker can't generate x = sqrt(H(nick)) combinations easily; note that he can generate x = sqrt(h) combinations by setting x = t, h = t^2. But as long as he can't invert the hash function, this won't help him, and even if it did, he could only generate gibberish nicknames.

If the user sends the same random number twice, the server can respond with different values of b, and then knows r x and r, from which it can derive x and steal the identity.

The product r x^b is without any information about x, as r isn't known, and only r^2 is (assuming that finding square roots mod N is hard). If the attacker can always guess b right, he can easily break the protocol: he generates y at random, and sets R = y^2 / H(nick)^b. This is no problem, but actually it proves zero knowledge, because one can get the very same data exchange using this "cheating prover" by just discarding the iterations where the prover lost the test (actually, as an additional detail, we may need that H(nick) may only generate square residues mod N, which is kind of a problem as this can't be achieved by squaring the result, but the auth server could for example modify the nickname a bit by attaching an (invisible) number until H(nick) is a square).

However, this protocol IS vulnerable to a simple man-in-the-middle attack: you could run a server that waits till someone connects, and he will do the identification for you to connect to another server. But that's not THAT serious IMHO.

So... is Fiat Shamir still safe when using the protocol for many players? And is it patent free?
1. Open Notepad
2. Paste: ÿþMSMSMS
3. Save
4. Open the file in Notepad again

You can vary the number of "MS", so you can clearly see it's MS which is causing it.
divVerent
Site admin and keyboard killer
 
Posts: 3809
Joined: Thu Mar 02, 2006 4:46 pm
Location: BRLOGENSHFEGLE
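
The registration and authentication steps from divVerent's post above, as an added Python example that is not part of the thread or of Nexuiz. Assumptions: a constructed toy modulus built from two Mersenne primes, SHA-256 as H, the invisible counter appended as "nick#ctr", and hypothetical function names; the last function shows why a repeated r gives away x.

```python
import hashlib
import secrets

# Constructed toy modulus from two Mersenne primes (both are 3 mod 4).
# Far too small for real use; only the auth server knows P and Q.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q

def H(nick, ctr):
    """Hash nickname plus the invisible counter into Z_N."""
    digest = hashlib.sha256(f"{nick}#{ctr}".encode()).digest()
    return int.from_bytes(digest, "big") % N

def is_square(h):
    """Euler's criterion modulo both secret primes."""
    return pow(h, (P - 1) // 2, P) == 1 and pow(h, (Q - 1) // 2, Q) == 1

def register(nick):
    """Auth server: bump the counter until H is a square, return (ctr, x)."""
    ctr = 0
    while not is_square(H(nick, ctr)):
        ctr += 1
    h = H(nick, ctr)
    sp, sq = pow(h, (P + 1) // 4, P), pow(h, (Q + 1) // 4, Q)
    # Chinese remainder theorem: combine the roots mod P and mod Q.
    x = (sp * Q * pow(Q, -1, P) + sq * P * pow(P, -1, Q)) % N
    return ctr, x

def respond(r, x, b):
    """User's answer y := r * x^b mod N."""
    return r * pow(x, b, N) % N

def verify(R, b, y, h):
    """Game server's check y^2 == R * H(nick)^b mod N."""
    return y * y % N == R * pow(h, b, N) % N

def authenticate(nick, ctr, x, rounds=20):
    """Run M sequential rounds with a fresh r each time."""
    h = H(nick, ctr)
    for _ in range(rounds):
        r = secrets.randbelow(N - 2) + 2
        R = r * r % N
        b = secrets.randbelow(2)
        if not verify(R, b, respond(r, x, b), h):
            return False
    return True

def recover_from_reuse(y0, y1):
    """Same r answered for b=0 and b=1 gives r and r*x, hence x."""
    return y1 * pow(y0, -1, N) % N
```
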

Postby shaconbacon » Mon Aug 20, 2007 11:32 pm

If there ever was a hack released couldn't the nexuiz team get a hold of it and then release a patch that would make it useless?
shaconbacon
Member
 
Posts: 10
Joined: Sun Feb 04, 2007 12:39 am

Postby Ed » Tue Aug 21, 2007 9:29 am

shaconbacon wrote:If there ever was a hack released couldn't the nexuiz team get a hold of it and then release a patch that would make it useless?

Then the hack authors would just modify their hack, Alientrap would have to modify Nexuiz again and it would be like writing anti-virus software for Windows...

I would much rather see the game made so that there was less advantage to be gained from aimbotting. Slow the laser down, add some spread to the MG secondary fire and make the Nex harder to use. Would this make the game less fun? I don't think so, it would also get rid of various other nuisances like people who think it's fun lasering CTF teammates into space and would mean that facing worlds could actually be used for serious games of 'Capture The Flag', not 'Camp on top of the enemies base stopping the game from going anywhere'.
Ed
Forum addon
 
Posts: 1172
Joined: Wed Mar 01, 2006 12:32 am
Location: UK

Postby John Galt » Tue Aug 21, 2007 5:43 pm

I haven't seen much in the way of cheating on my servers, but there are definitely troublemakers out there. I can't wait for the next version with kickban support... Right now, it's quite tedious to kick, enter the address manually to net_banlist, lather, rinse, and repeat.
cat /dev/urandom > /dev/mem
John Galt
Alien
 
Posts: 166
Joined: Thu Jul 19, 2007 9:20 pm
Location: Washington, DC

Postby Ares » Tue Aug 21, 2007 11:07 pm

There's also the paranoia problem... people aren't sure how to tell the difference between a skilled player and an aimbotter.

I like my MG and my Nex, but if it comes to that, and there's no other way of preventing cheaters I'm quite willing to deal with a nexless world; I would ask that the rocket be tuned down in that case, since the Nex counterbalances it right now.
Ares
Member
 
Posts: 15
Joined: Tue Aug 21, 2007 11:00 pm

Postby Gut_Eater » Wed Aug 22, 2007 6:48 am

Ares wrote:... and there's no other way of preventing cheaters I'm quite willing to deal with a nexless world; I would ask that the rocket be tuned down in that case, since the Nex counterbalances it right now.


Aargh! No way! As far as I am concerned.

I have not seen anyone yet who might be a cheater. But I don't play that often.

On the other hand, the number of people who call someone else a cheater seems to increase. Most of the time I can ignore it, but sometimes it is quite annoying. In their opinion everyone who is a lot better than they are must be a cheater. Weird!
Gut_Eater
Alien
 
Posts: 116
Joined: Fri Apr 07, 2006 1:46 pm
Location: Germany, NRW

Postby Ares » Wed Aug 22, 2007 3:16 pm

That is definitely true... I can think of several times when n00bs have logged onto the server I was on and accused someone of aimbotting within... usually within several minutes. It's extremely annoying.
Ares
Member
 
Posts: 15
Joined: Tue Aug 21, 2007 11:00 pm

Postby s3cc0 » Wed Aug 22, 2007 3:36 pm

Oh c'mon guys, don't start the whole cheat paranoia when there isn't the slightest evidence of someone ACTUALLY cheating... (or is there???)

As the old saying goes: demos or stfu! :mrgreen:
s3cc0
Member
 
Posts: 43
Joined: Mon Jul 09, 2007 2:26 pm
