Ticket #1 (assigned task)

Opened 3 years ago

Last modified 2 years ago

Make public/private key system for GUID authentication

Reported by: mdoison Owned by: amanieu
Priority: major Milestone:
Component: both Version: Kitty
Keywords: Cc:

Description

The first Tremulous GUID system randomly generated a private GUID at the first Tremulous execution. It was very dangerous, because the GUID was the same on each Tremulous server, and any admin on one server could use another GUID key to become admin on another server.

The Tremulous devs fixed it by generating a private GUID for each Tremulous server, but it became impossible to trace players on different servers (public GUID not shared).

To trace players without creating a leak, we must use an SSH-like authentication system with a public/private key, but the server and client *must* be compatible with the original Tremulous server and client.

Change History

Changed 3 years ago by mdoison

  • owner pierref deleted
  • component changed from server to both

Changed 3 years ago by amanieu

  • owner set to amanieu
  • status changed from new to assigned

Changed 3 years ago by mdoison

  • version changed from Eggy to Kitty

Changed 3 years ago by benmachine

The major problem in this task is completing the challenge decryption within a single server frame. Since Tremulous doesn't support multithreading, any operation taking more than a hundred milliseconds or so will noticeably lag the server. You have the difficult task of either a) finding an asymmetric key encryption technology that completes decryption in just a few milliseconds, b) finding some way of separating the decryption process into several smaller chunks that can each be completed very quickly or c) adding multithreading support or something similar to Tremulous.

Changed 3 years ago by mdoison

We found some ideas about this problem.

In any case, Quake 3 has no physical security. If someone can get a packet with an encrypted message, he can get a packet with the rcon password.

So it's possible to encrypt only one message during !setlevel (or during the next map loading, to prevent server lag) and send the same message for each connection.

Changed 2 years ago by amanieu

My code will save pre-encrypted messages in admin.dat, and will use them instead of making new ones at connect. The messages will be renewed during frames in which no clients are "ACTIVE" (entered the game), such as when they are loading the map. This should leave enough time for the server to renew a few messages, and most used messages will have a higher priority.
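
A sketch of the cached-challenge scheme described in the comment above, added here as an illustration and not taken from the actual patch. The class and function names, the toy unpadded RSA key, and the rule that an issued challenge becomes due for renewal are all assumptions.

```python
import secrets

# Toy textbook-RSA key (constructed; far too small and unpadded for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # client's private exponent


class ChallengeCache:
    """Server side: one pre-encrypted challenge per admin public key."""

    def __init__(self):
        self.entries = {}

    def add_admin(self, name, n, e):
        self.entries[name] = {"n": n, "e": e, "uses": 0}
        self._renew(name)

    def _renew(self, name):
        # The only public-key operation; kept out of the connect path.
        ent = self.entries[name]
        ent["nonce"] = secrets.randbelow(ent["n"] - 2) + 2
        ent["cipher"] = pow(ent["nonce"], ent["e"], ent["n"])
        ent["stale"] = False

    def challenge(self, name):
        # On connect: hand out the stored ciphertext, no encryption here.
        ent = self.entries[name]
        ent["uses"] += 1
        ent["stale"] = True  # assumption: an issued challenge is due for renewal
        return ent["cipher"]

    def verify(self, name, answer):
        expected = str(self.entries[name]["nonce"])
        return secrets.compare_digest(str(answer), expected)

    def idle_frame(self, budget):
        # Called only when no client is ACTIVE: renew at most `budget`
        # issued challenges, most-used admins first.
        due = [n for n, ent in self.entries.items() if ent["stale"]]
        due.sort(key=lambda n: -self.entries[n]["uses"])
        for name in due[:budget]:
            self._renew(name)
        return due[:budget]


def client_answer(cipher):
    # Client proves key ownership by decrypting with its private exponent.
    return pow(cipher, D, N)
```

Until an idle frame renews an entry, the same ciphertext and therefore the same answer remain valid, so the renewal budget and how often idle frames occur bound how long a captured answer could be reused.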

Changed 2 years ago by Amanieu

Final patch released on the MG patch tracker.

Changed 2 years ago by amanieu

If you want to try it, download the client from http://tremulous-amanieu.googlecode.com/ and in the console type: /connect amanieu.homelinux.com:32123
