Encryption in OTTD
Moderator: OpenTTD Developers
-
- Tycoon
- Posts: 1395
- Joined: 12 Jun 2004 00:37
- Location: United Kingdom of Great Britain and Northern Ireland
- Contact:
Encryption in OTTD
I'm curious - is the network data for the game encrypted? I'm guessing not.
Would it be possible to encrypt it? And before anyone asks Why - Why not. Is there any technical reason not to encrypt packet data?
Would it be possible to encrypt it? And before anyone asks Why - Why not. Is there any technical reason not to encrypt packet data?
Re: Encryption in OTTD
Yes.Moriarty wrote:Is there any technical reason not to encrypt packet data?
1) Encryption increases at least connection-initialization overhead[0]
2) Encryption usually adds additional per-packet overheads.
3) Encryption increases CPU load.
[0] Surely the point here is security, which means that it has to be some random-gen key(s), not something stored in the source.
To get a good answer, ask a Smart Question. Similarly, if you want a bug fixed, write a Useful Bug Report. No TTDPatch crashlog? Then follow directions.
Projects: NFORenum (download) | PlaneSet (Website) | grfcodec (download) | grfdebug.log parser
Projects: NFORenum (download) | PlaneSet (Website) | grfcodec (download) | grfdebug.log parser
Re: Encryption in OTTD
Considering the bandwidth consumed by OpenTTD, I think the increased CPU load from encrypting these few packets will be neglibigle. Worse may be adding dependency on some ssl/tls libraries and having to manage all the stuff. I guess the added benefit (having secure connection to the game server) will not convince devs to implement this. But maybe if you submit a patch ...
If you need something, do it yourself or it will be never done.
My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility
Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility
Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
Re: Encryption in OTTD
And which gameserver owner is going to spend 500 US Dollars for a SSL Certificate to prove he is who is pretends he is? This is especially needed because you need some way to know for certain whether the other side is actually the server. If you do not you can have the so-called man-in-the-middle attacks which basically make the encryption useless.
So without a proper way to prove that the "other" side is actually the computer you want to talk to, i.e. the game server, there is no real meaning in using encryption as it will be overly easy to make a man-in-the-middle attack, which makes the encryption totally useless.
So without a proper way to prove that the "other" side is actually the computer you want to talk to, i.e. the game server, there is no real meaning in using encryption as it will be overly easy to make a man-in-the-middle attack, which makes the encryption totally useless.
-
- Tycoon
- Posts: 1395
- Joined: 12 Jun 2004 00:37
- Location: United Kingdom of Great Britain and Northern Ireland
- Contact:
Re: Encryption in OTTD
As a https doesn't seem to take more than several fractions of a second longer than regular http I think we can say initialisation doesn't need to be a problem.1) Encryption increases at least connection-initialization overhead[0]
2/3) - As pointed out, OTTD uses negligible bandwidth/CPU. I have no idea what the percentile increase would be, I can't say for certain what the increase would be, but a multiple of a small number is usually still a small number.
As to the SSL - Aren't there are other ways authenticate the server is what it says it is without an SSL cert. I.e.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack
It strikes me that you could use http://www.openttd.org/servers.php as that secure channel/certificate authority. No $500 certificates needed.. Public keys can be verified by a Certificate Authority, whose public key is distributed through a secure channel (for example, with a web browser or OS installation).
Also:
Isn't this a logical fallacy?So without a proper way to prove that the "other" side is actually the computer you want to talk to, i.e. the game server, there is no real meaning in using encryption as it will be overly easy to make a man-in-the-middle attack, which makes the encryption totally useless.
"Because it can be broken with some effort there's no point putting it in".
And no, I'm not even remotely an expert on encrpytion.
Re: Encryption in OTTD
Seeing as some answers to the 'why not' were given, how about the 'why'? Why do you want to encrypt data that holds ottd user commands? Do you consider something in there to be that sensitive?Moriarty wrote:And before anyone asks Why - Why not.
Creator of the Openttd Challenge Spinoff, Town Demand patch
After action reports: The path to riches, A dream of skyscrapers
After action reports: The path to riches, A dream of skyscrapers
Re: Encryption in OTTD
Sniffing (passive surveillance) is usually much easier than man-in-the-middle (active surveillance). Many people with HTTPS servers out there use certificates from some university CA or som of their home-made CA. Also, for openttd, as authority certificates would be distributed with it, there could be some authority maintained by developers whivch will give certificates to servers for free after some validation ... for openttd server you will not need to give somebody your real name, postal address, etc ... just somewhat verify that the server is under your control.Rubidium wrote:And which gameserver owner is going to spend 500 US Dollars for a SSL Certificate to prove he is who is pretends he is? This is especially needed because you need some way to know for certain whether the other side is actually the server. If you do not you can have the so-called man-in-the-middle attacks which basically make the encryption useless.
So without a proper way to prove that the "other" side is actually the computer you want to talk to, i.e. the game server, there is no real meaning in using encryption as it will be overly easy to make a man-in-the-middle attack, which makes the encryption totally useless.
And 500 usd for certificate is expensive. I saw certs recognized in browsers given out for 20 usd/year (but probably still too much just for openttd server). Actually, I have not found certificate that was that much expensive, most expensive was 250 USD/year
Considering that for public servers, anybody can "sniff" you by simply joining as spectator, encryption is a bit futile (and sensitive data, aka the password is already exchanged in secure manner, not in plaintext)
So, it is IMHO too much effort for quite little benefit.
I think by combining with some application like ssltunnel or port forwarding over SSH you can get the encryption you want without having to modify openttd code at all.
If you need something, do it yourself or it will be never done.
My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility
Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility
Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
Re: Encryption in OTTD
Well, I forgot about one thing. Once you connect, you start downloading the current map. Which can be like 4 megabyte download for the largest map sizes. And encryption will add some significant overhead here. But considering the map get compressed before sending, the overhead won't be as large, but still, it will be probably noticable.Moriarty wrote: 2/3) - As pointed out, OTTD uses negligible bandwidth/CPU. I have no idea what the percentile increase would be, I can't say for certain what the increase would be, but a multiple of a small number is usually still a small number. 8)
If you need something, do it yourself or it will be never done.
My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility
Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility
Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
-
- Tycoon
- Posts: 1395
- Joined: 12 Jun 2004 00:37
- Location: United Kingdom of Great Britain and Northern Ireland
- Contact:
Re: Encryption in OTTD
Fair enough.Korenn wrote:Seeing as some answers to the 'why not' were given, how about the 'why'? Why do you want to encrypt data that holds ottd user commands? Do you consider something in there to be that sensitive?Moriarty wrote:And before anyone asks Why - Why not.
Because you can use the game to send messages, and there's no non-technical they should be in plain text. We have plenty of news stories of all manner of governments snooping on pretty much everything, and various telcos/ISPs do packet shaping etc.
Also, the more encrypted traffic there is, the harder it becomes for the people who want to spy to find the encrypted traffic that contains important stuff. So basically "why not" is the real answer, and not just me being a smart alec .
And no, I'm not a paranoid who encrypts everything. I don't even have a public/private key pair.
Quick test then. I created a 2000*2000 map, and encrypted it with Axcrypt.Well, I forgot about one thing. Once you connect, you start downloading the current map. Which can be like 4 megabyte download for the largest map sizes. And encryption will add some significant overhead here. But considering the map get compressed before sending, the overhead won't be as large, but still, it will be probably noticable.
Size before: 4.16MB
Size after: 4.16MB
So no difference. I used axcrypt because that's what I have installed. Feel free to test other packages, I'd be curious to see why Axcrypt doesn't result in a file size change.
And private servers?Considering that for public servers, anybody can "sniff" you by simply joining as spectator,
Re: Encryption in OTTD
Encryption will not make the file larger (or it will increase it only by few bytes in case there is some header telling how it is encrypted). But CPU will spend "considerable" amount of time (for files that large perhaps 200-500 msec, depending on the CPU speed) when encrypting it.Moriarty wrote: Quick test then. I created a 2000*2000 map, and encrypted it with Axcrypt.
Size before: 4.16MB
Size after: 4.16MB
Yes, in private servers it may be worth it, but I think setting up ssltunnel on server and telling the players how to connect to it would add encryption to the connection, while openttd does not have to care about it at all - it gets new unencrypted connection from the localhost end of the ssl tunnel, whle tre data in transit are encrypted.Moriarty wrote:And private servers?Considering that for public servers, anybody can "sniff" you by simply joining as spectator,
Perhaps best that could be done in this thing is post some "how to use ssltunnel with openttd to secure the conection" guide to openttd wiki...
If you need something, do it yourself or it will be never done.
My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility
Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility
Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
Re: Encryption in OTTD
Thus easily 'attacked' by a man-in-the-middle because there is no trusted CA.Bilbo wrote:som of their home-made CA
And how would that validation work? Lots of servers change their IP address fairly regularly (due to DSL/Cable), so we need to make lots of certificates and perform lots of revocations. This means lots of work that could otherwise be used for better things. Furthermore the frequent changes means that developers need to reply 'quickly', which most likely is not going to happen because there are vast 'gaps' during the day which then make OpenTTD much less playable.Bilbo wrote:there could be some authority maintained by developers whivch will give certificates to servers for free after some validation
And how do we get 'proof' that somebody is who he/she pretends? People can easily fake email or nicks at IRC. So you suggest people to go to a developer in real life so they can prove it?
Re: Encryption in OTTD
Yes, unless you distribute the certificate by other means (but the question is how?), it is vulnerable. Still, if you visited the site before, you can get warning that the cert. authority have changed. And if you are the issuer, then you will trust yourself (mostly these sites have https mainly because of site admin logging in securely to site administration).Rubidium wrote:Thus easily 'attacked' by a man-in-the-middle because there is no trusted CA.Bilbo wrote:som of their home-made CA
And how would that validation work? Lots of servers change their IP address fairly regularly (due to DSL/Cable), so we need to make lots of certificates and perform lots of revocations. This means lots of work that could otherwise be used for better things. Furthermore the frequent changes means that developers need to reply 'quickly', which most likely is not going to happen because there are vast 'gaps' during the day which then make OpenTTD much less playable.Bilbo wrote:there could be some authority maintained by developers whivch will give certificates to servers for free after some validation
It could be connected with nick on tt-forums.net for example.Rubidium wrote: And how do we get 'proof' that somebody is who he/she pretends? People can easily fake email or nicks at IRC. So you suggest people to go to a developer in real life so they can prove it?
So when you connect to some server you will know who is the owner (of course unless someone steal someone else's forum account, as these forums operate over unencrypted http)
Still it could be open to attacks like registering similar names (Bilbo vs BiIbo - the small "L" replaced with capital "I") and abusing the fact that some characters look similar or even the same.
Also, the certificate giveout process would need to be automated ... some page checks authentication from forums and give you out your "personal server certificate".
edit:fix quoting
If you need something, do it yourself or it will be never done.
My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility
Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility
Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
-
- Tycoon
- Posts: 1395
- Joined: 12 Jun 2004 00:37
- Location: United Kingdom of Great Britain and Northern Ireland
- Contact:
Re: Encryption in OTTD
200-500ms isn't even worth smiffing at. Not when you remember that the time taken to zip the thing up is significantly longer.Bilbo wrote:Encryption will not make the file larger (or it will increase it only by few bytes in case there is some header telling how it is encrypted). But CPU will spend "considerable" amount of time (for files that large perhaps 200-500 msec, depending on the CPU speed) when encrypting it.
Re: Encryption in OTTD
Umm may i ask why a game needs to send data encrypted (unless its a password) just sounds like a pointless idea that will take up peoples time.
Its not like any one is sending confidential infomation using the game anyway...
Its not like any one is sending confidential infomation using the game anyway...
Re: Encryption in OTTD
No, 200-500 ms isn't a big deal, but considering that open sends lots of small packages very second the game would be EXTREMELY laggy, especially when a client with a less powerful CPU joins. And even so, say the server generates a random key, but it has to tell the client about it, and then you can easily get the key. Since the source is under the GPL, there's not much you can do to implement encryption, and I highly doubt it's needed, it's a game, not a database containing top secret info about US!Moriarty wrote:200-500ms isn't even worth smiffing at. Not when you remember that the time taken to zip the thing up is significantly longer.Bilbo wrote:Encryption will not make the file larger (or it will increase it only by few bytes in case there is some header telling how it is encrypted). But CPU will spend "considerable" amount of time (for files that large perhaps 200-500 msec, depending on the CPU speed) when encrypting it.
Re: Encryption in OTTD
Even discussing this suggestion is a waste of time. Not to mention the -even if insignificant- waste of CPU and bandwidth.
Re: Encryption in OTTD
yeah, that's a very constructive post you've added... an even bigger waste of time.Arathorn wrote:Even discussing this suggestion is a waste of time. Not to mention the -even if insignificant- waste of CPU and bandwidth.
Creator of the Openttd Challenge Spinoff, Town Demand patch
After action reports: The path to riches, A dream of skyscrapers
After action reports: The path to riches, A dream of skyscrapers
Re: Encryption in OTTD
Ehm ... time to lock this thread? It seems that the discussion is somehow moving off the topic ...
If you need something, do it yourself or it will be never done.
My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility
Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility
Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
-
- Tycoon
- Posts: 1395
- Joined: 12 Jun 2004 00:37
- Location: United Kingdom of Great Britain and Northern Ireland
- Contact:
Re: Encryption in OTTD
In that case please explain how this or this can work?Desolator wrote:Since the source is under the GPL, there's not much you can do to implement encryption, and I highly doubt it's needed, it's a game, not a database containing top secret info about US!
Being GPL isn't an impediment to encryption.
Sorry, I don't get what you're saying.No, 200-500 ms isn't a big deal, but considering that open sends lots of small packages very second the game would be EXTREMELY laggy, especially when a client with a less powerful CPU joins.
Re: Encryption in OTTD
And the moral? Don't plan your crimes in OTTD chat. Paranoia is all good, but I think you'll need something a little more solid/constructive to encourage someone to take on all the work it would entail.Because you can use the game to send messages, and there's no non-technical they should be in plain text. We have plenty of news stories of all manner of governments snooping on pretty much everything, and various telcos/ISPs do packet shaping etc.
Who is online
Users browsing this forum: No registered users and 41 guests