October 2003

• Scripting Languages and Magic gbtmud
• • Scripting Languages and Magic Edward Glowacki
  • • Scripting Languages and Magic Freeman, Jeff
    • Scripting Languages and Magic Patrick Dughi
    • • Scripting Languages and Magic Sheela Caur'Lir
    • Scripting Languages and Magic Patrick Dughi
  • Scripting Languages and Magic Smith, David {Lynchburg}
  • Scripting Languages and Magic Jonathon Duerig
  • Scripting Languages and Magic J C Lawrence
  • • Scripting Languages and Magic Richard A. Bartle
  • Scripting Languages and Magic eric
  • Scripting Languages and Magic Matthew Estes
  • • Scripting Languages and Magic Ben Chambers
    • • Scripting Languages and Magic J C Lawrence
      • • Scripting Languages and Magic Nathan F. Yospe
        • Scripting Languages and Magic Smith, David {Lynchburg}
        • • Scripting Languages and Magic J C Lawrence
  • Scripting Languages and Magic Edward Glowacki
  • • Scripting Languages and Magic Freeman, Jeff
  • Scripting Languages and Magic Crosbie Fitch
  • • Scripting Languages and Magic Sheela Caur'Lir
    • • Scripting Languages and Magic Crosbie Fitch
      • • Scripting Languages and Magic Sheela Caur'Lir
        • • Scripting Languages and Magic Nathan F. Yospe
          • Scripting Languages and Magic Marian Griffith
          • • Scripting Languages and Magic McDonald, Stephen
            • • Scripting Languages and Magic Sheela Caur'Lir
              • Scripting Languages and Magic Mats Lidstrom
            • Scripting Languages and Magic Sheela Caur'Lir
            • • Scripting Languages and Magic Eric Merritt
  • Scripting Languages and Magic gbtmud
  • Scripting Languages and Magic gbtmud
  • Scripting Languages and Magic Jo Dillon
  • Scripting Languages and Magic Kwon J. Ekstrom
  • • Scripting Languages and Magic ceo
  • Scripting Languages and Magic Steven Metke
  • Scripting Languages and Magic Alex Chacha
  • • Scripting Languages and Magic Jason Murdick
    • Scripting Languages and Magic J C Lawrence
  • Scripting Languages and Magic Nicolai Hansen
  • • Scripting Languages and Magic Sheela Caur'Lir
    • • Scripting Languages and Magic Adam Burr
• Budget (was size) Michael Sellers
• Graphics engine choice (size) Derek Licciardi
• • Graphics engine choice (size) Paolo Piselli
  • • Graphics engine choice (size) Sheela Caur'Lir
• R: size Ghilardi Filippo
• [TECH] TCP fundamental throughput limits? ceo
• • [TECH] TCP fundamental throughput limits? Jeremy Noetzelman
  • • [TECH] TCP fundamental throughput limits? Sheela Caur'Lir
    • [TECH] TCP fundamental throughput limits? Miroslav Silovic
    • • [TECH] TCP fundamental throughput limits? Jeremy Noetzelman
• [list] Scripting Languages and Magic Scion Altera
• • [list] Scripting Languages and Magic Talanithus HTML
• SSH Encryption on data stream Craig H Fry
• • SSH Encryption on data stream squid
  • SSH Encryption on data stream Mike Shaver
  • SSH Encryption on data stream Brian Hook
  • • SSH Encryption on data stream Amanda Walker
    • • SSH Encryption on data stream Christopher Allen
  • SSH Encryption on data stream Christopher Allen
  • • SSH Encryption on data stream Mike Shaver
  • SSH Encryption on data stream ceo
    Craig H Fry wrote:
    
    > So many games are plagued by packet sniffers I often wondered why
    > more companies didn't do a per-session SSH encryption on the data
    > stream. Has anyone tried or is it just assumed the over head for
    > packet encryption/decryption would cause a bottleneck? I'm
    > seriously considering using SSH for data encryption for my data
    > streams and was curious if it is worth looking into.
    
    What's the point?
    
    With security, first look at your threat model...
    
    - Diablo 1 had all the client-side calculations blown open by
    someone peeking at live RAM during runtime.
    
    Second, what's your policy (how are you going to prevent these
    threats?)...
    
    Just guesses, but:
    
    - 1. every client has means for checking server ID hardcoded in
    to them, and this is used for the server to ID itself to the
    client - 2. ...anything doesn't work because of man-in-the-middle
    attacks (you MUST know who the server is)
    
    Third, look at your implementation for the sec policy...
    
    - 1: Well, you can have a public key for the server, that is
    hardcoded into every client, and the server sends out stuff signed
    with it's private key. This way every client KNOWS when it's
    talking to the server, and you can build your connection happily
    from there.
    
    Finally, go back to your threat model, and check if it can defeat
    your sec policy + implementation...
    
    - Damn. Easy - I just find the bit of code in RAM that checks the
    server ID, and then I replace it with a jump to some code that
    just OK's EVERY server ID. Now I set up my server-in-the-middle,
    and the client thinks it's talking to the server, the server
    thinks it's talking to the client, and way-hey! I've got access to
    all traffic.
    
    So, back to the original question: What's the point? (or, if you
    prefer: what are you going to do to make this work?)
    
    Please understand I'm not saying it's impossible to do better, but
    you either need to offer a better security policy than the one I've
    outlined above (which is the standard one for SSH client-server
    authentication, so I'm assuming that as the base case) - or you have
    to offer an implementation that actually *works* in the presence of
    the threat model.
    
    Adam M
  • SSH Encryption on data stream F. Randall Farmer
  • SSH Encryption on data stream J C Lawrence
  • SSH Encryption on data stream Amanda Walker
  • SSH Encryption on data stream Felix A. Croes
• MUD-Dev Digest, Vol 4, Issue 30 Lee Sheldon
• • MUD-Dev Digest, Vol 4, Issue 30 Matt Mihaly
  • • MUD-Dev Digest, Vol 4, Issue 30 Dave Rickey
    • MUD-Dev Digest, Vol 4, Issue 30 Lee Sheldon
    • • MUD-Dev Digest, Vol 4, Issue 30 Matt Mihaly
• Web vs. Java client Mark 'Kamikaze' Hughes
• • Web vs. Java client Torgny Bjers
  • • Web vs. Java client ceo
    • Web vs. Java client Mark 'Kamikaze' Hughes
  • Web vs. Java client Elia Morling
  • Web vs. Java client Christopher Allen
  • • Web vs. Java client Baar - Lord of the Seven Suns
    • • Web vs. Java client Christopher Allen
    • Web vs. Java client Kwon J. Ekstrom
    • • Web vs. Java client Christopher Kohnert
      • • Web vs. Java client Christopher Allen
        • • Web vs. Java client ceo@grexengine.com
          • Web vs. Java client Baar - Lord of the Seven Suns
    • Web vs. Java client Mark 'Kamikaze' Hughes
    • • Web vs. Java client Matt Mihaly
      • Web vs. Java client Christopher Allen
  • Web vs. Java client Jeff Fuller
  • • Web vs. Java client(?) Joshua Judson Rosen
    • • Web vs. Java client(?) Eric Merritt
    • Web vs. Java client Eric Merritt
    • Web vs. Java client Mike Shaver
    • • Web vs. Java client Jeff Fuller
      • • Web vs. Java client Mike Shaver
  • Web vs. Java client Mark 'Kamikaze' Hughes
  • • Web vs. Java client Matt Mihaly
    • • Web vs. Java client Mark 'Kamikaze' Hughes
      • • Web vs. Java client Ben Greear
        • • Web vs. Java client Jeff Fuller
          • • Web vs. Java client Ben Greear
            • Web vs. Java client Kevin Reid
            • Web vs. Java client Joshua Judson Rosen
            • • Web vs. Java client Jeff Fuller
              • • Web vs. Java client Adam Burr
            • Web vs. Java client Daniel.Harman@barclayscapital.com
            • Web vs. Java client Kwon J. Ekstrom
            • Web vs. Java client Matt Mihaly
        • Web vs. Java client Matt Mihaly
• MudDev FAQ - part 2 Marian Griffith
• MMORPG: where to start for making and running a game Richard Brown
• • MMORPG: where to start for making and running a game Eric Lee {GAMES}
  • MMORPG: where to start for making and running a game Michael Sellers
  • • MMORPG: where to start for making and running a game ceo
    • MMORPG: where to start for making and running a game Corey Crawford
  • MMORPG: where to start for making and running a gam e Peter Tyson
  • • MMORPG: where to start for making and running a gam e ceo
  • MMORPG: where to start for making and running a game Edward Glowacki
  • MMORPG: where to start for making and running a game Oliver Smith
  • • MMORPG: where to start for making and running a game Dave Rickey
    • • MMORPG: where to start for making and running a gam e Daniel.Harman@barclayscapital.com
      • • MMORPG: where to start for making and running a gam e Michael Sellers
        • MMORPG: where to start for making and running a gam e Jeff Thompson
        • MMORPG: where to start for making and running a gam e Sheela Caur'Lir
        • MMORPG: where to start for making and running a gam e Derek Licciardi
    • MMORPG: where to start for making and running a game Lee Sheldon
    • • MMORPG: where to start for making and running a game ceo
      • • MMORPG: where to start for making and running a game Lee Sheldon
        • • MMORPG: where to start for making and running a game Patricia Pizer
          • • MMORPG: where to start for making and running a game Lee Sheldon
            • • MMORPG: where to start for making and running a game Patricia Pizer
      • MMORPG: where to start for making and running a game Oliver Smith
      • • MMORPG: where to start for making and running a game Lee Sheldon
      • MMORPG: where to start for making and running a game Oliver Smith
      • • MMORPG: where to start for making and running a game Lee Sheldon
        • MMORPG: where to start for making and running a gam e Koster, Raph
        • • MMORPG: where to start for making and running a gam e Lee Sheldon
          • MMORPG: where to start for making and running a game Sheela Caur'Lir
  • MMORPG: where to start for making and running a game Damion Schubert
• Open Source Rules Engine Craig H Fry
• • Open Source Rules Engine Emil Eifrem
• [NEWS] The Latest in TV Reality Michael Tresca
• • [NEWS] The Latest in TV Reality Dave Rickey