alientrap-forum-archives

[Roanoke]

I have a very simple idea that can allow allow authentication of players without additional infrastructure.

Method
The client chooses a string of characters. The client then hashes this string with a one-way algorithm. Then, the hash is sent to the server where the client is trying to connect. On the server side, the hash is hashed again. This final hash is stored in a file on the server, and connected with the name of the client when he first connected. Then, a player could execute a command to check who another player is, and, if his hash is stored in the server, the name of the player is sent to the querying client.

Pros
- No additional infrastructure
- Protects against both malicious servers and clients (if hashing only takes place on the client side, then the client could send a fake hash and impersonate a player. If hashing only took place on the server side, the server admin could impersonate players by knowing their unhashed ID strings.

Cons
- Only on a per-server basis

I urge the developers to implement this system as soon as possible.

[divVerent]

Server admin can change his server software to dump the hashes the client sent, then change his client software to use that hash instead of the hash function.

BTW, I have a better auth algorithm in working. It is based on an algorithm whose software patent expired 2008, and ensures both anonymity and identification

Basically:
- auth server and player calculate a number together, player is identified by email address, such that the auth server can NOT know which number was generated. The generation is loosely based on RSA. This part can only take place once per week per email address.
- on connect, the player identifies not by the number, but derives a property from the number, and authenticates by a proof of knowledge that he KNOWS a number with that property. This part is based both on RSA and on the crypto scheme mentioned above.

That way, the ID of a player cannot be connected to his email address, yet still it can be used for banning trolls (as he can generate a new ID only in a week). Players who seek anonymity use just this ID - players who want to be tracked (e.g. for stats) are free to publicly associate their ID to their nickname (e.g. in game using a special command that is entered once, and associates their ID with their player nickname).

As anonymity can be guaranteed, such a scheme could even be mandatory for all players without causing privacy issues.

[Roanoke]

Yes, that seems better than my solution. Your solution would require an auth server, correct? Who would run such a server?

[divVerent]

Yes, that seems better than my solution. Your solution would require an auth server, correct? Who would run such a server?

The auth server would simply be a web interface. The computation that guarantees anonymity could be performed in JavaScript (to guarantee trust, anyone can view the JavaScript source code to check for backdoors), in the game we then need RSA signature verification, and that identification scheme (probably needing elliptic curves).

Have to check if RSA can be replaced by ElGamal using eliiptic curves, as that would work with less crypto code

[Roanoke]

Sounds good. Authentication is a crucial but missing part of nexuiz, I think.

[tundramagi]

That way, the ID of a player cannot be connected to his email address, yet still it can be used for banning trolls (as he can generate a new ID only in a week).

So basically, I'm going to be banned from all servers, Also one can't just join a server anymore, got to register on some website. (web == Out-of-band)

As anonymity can be guaranteed, such a scheme could even be mandatory for all players without causing privacy issues.

Hurra, jackboot authoritarianism. But where the beatees are to be placed in an anonomyous punchingbag first. (North Korean Style!)

I'm glad I got out of nexuiz when I did (yesterday).
I've deleted all the links to my maps.
I'm done with nexuiz.
and I'm glad the Illfonic peeps are pissing everyone off.
I'll not be releasing anything for the game again.
I've learned my lesson.

Main dev doesn't like me anymore (ever did?). How is me /msging you some fucking offence?
plus
Is supporting authoritarian crap where you have to register w/ an email to the nexuiz master server. (Could be MANDATORY FOR ALL PLAYERS!)

Knew this day would come.... just didn't think I'd be so sudden and random. I didn't do shit, I though we were friendly. Oh but just /msging you like I always have, oh yes huge offence at that, terribe thing to do.

[Alien]

I am not sure how this would work (what div has posted).

Auth server and player calculate a number together, player is identified by email address, such that the auth server can NOT know which number was generated.

Auth server generates number e.g. 13, player - 7. Does server send 13 to player email address and player add 7 or what?

This part can only take place once per week per email address.

Once per week for same mail address? What does prevent it? Does server check his mail database? Trolls can generate their mail addresses. How would server check if they're valid? By sending mail?

On connect, the player identifies not by the number, but derives a property from the number, and authenticates by a proof of knowledge that he KNOWS a number with that property.

Ok, the player derives a property from the number (eg number mod 7 = 3) So? What does it mean for server if it even doesn't know final number? If player derives a property from a number, of course he knows that number.

That way, the ID of a player cannot be connected to his email address,

Where did player ID come from?


To be continued...

[divVerent]

First of all - if such a scheme is to be implement, it won't be necessarily on all servers. Anyone is free to host a server without it, of course. As the verification is an extra step needing email address verification, you can be SURE the majority of servers will not use it. Most competition servers, however, likely will, as well as some popular FFA ones.

Secondly, a more technical description:

Public information: an elliptic group G, generator g, RSA modulus n = pq having enough bits to represent any element of G in a simple canonical representation, and a RSA encrypt/verify exponent e.
Auth server knows the RSA decrypt/sign exponent d that corresponds to e.

1. Client generates a random number s (of length of |G|)
2. Client calculates a group element k = g^s.
3. Client generates a random number r in the RSA group.
4. Client calculates x = k * r^e
5. Client sends x to the auth server.
6. Auth server will RSA-decrypt x, and get (k * r^e)^d = k^e * r, which he sends to the client as y.
7. Client calculates t = y * r^-1 = k^e
8. Client stores (s, k, t) in a private key store.

To authenticate:

1. Client sends (k, t).
2. Server verifies that k^e is indeed t. By that, the digital signature on the key is verified (i.e. the key is signed by the auth server).
3. Client performs multiple rounds of Schnorr identification using k = g^s in G.
4. Once server is convinced enough that the client knows s, this is proof that it is the client who owns the ID.

[Alien]

Thank you. What's the purpose of email here?