[sldev] Cryptographic signing of UDP packets

[Robin Cornelius]

Though this was worth kicking around here for a discussion.

It was mentioned by Soft that adding a cryptographic hash/signature to
each UDP packet was on the way, and given that the last 2 security
updates were both UDP packet injection issues this could be a very
good thing, but there may be unforced pitfalls and this is not in
anyway aimed at LL, but its easy to balls up cryptography (And i for
one is certainly not an expert in the field).

The problems i see are

1) Increase of packet size and therefore bandwidth

Is this going to be ALL UDP packets or just certain ones that are
certainly more sensitive than others? Not applying to all still leaves
a potential attack point but wastes bandwidth. This is also related to
the size of the signature. If the signature is too small a brute force
attack may be possible by just trying combinations of packets and
getting a reply from the server, too large a signature and we have
massive UDP packets so more bandwidth and lag?

2) Key exchange,

I guess that this can occur over caps using https as part of the
login, if we trust https for login then it should be trust worthy for
key exchange?

Also would this be some kind of direct symmetrical private key or
would this be a public/private key asymmetrical system where
essentially anyone could verify a packet if they can obtain a
servers/clients public key.

Keys could also be re-negotiated periodically to keep the actual keys
in use rotating to make packet sniffing for brute force harder


Any Thoughts?