[sldev] Cryptographic signing of UDP packets
John Hurliman
jhurliman at jhurliman.org
Tue Dec 16 18:57:09 PST 2008
Side note: A private key is already exchanged at login, SecureSessionID.
It's used for computing the AssetID of some new assets before they're
uploaded by taking the MD5 of TransactionID+SecureSessionID on both the
client and the server. This is the OpenMetaverse.UUID.Combine() function.
John
On Tue, Dec 16, 2008 at 3:35 AM, Robin Cornelius
<robin.cornelius at gmail.com> wrote:
> Thought this was worth kicking around here for a discussion.
>
> It was mentioned by Soft that adding a cryptographic hash/signature to
> each UDP packet was on the way, and given that the last 2 security
> updates were both UDP packet injection issues this could be a very
> good thing, but there may be unforced pitfalls and this is not in
> any way aimed at LL, but it's easy to balls up cryptography (and I for
> one am certainly not an expert in the field).
>
> The problems I see are:
>
> 1) Increase of packet size and therefore bandwidth
>
> Is this going to be ALL UDP packets or just certain ones that are
> certainly more sensitive than others? Not applying to all still leaves
> a potential attack point but wastes bandwidth. This is also related to
> the size of the signature. If the signature is too small a brute force
> attack may be possible by just trying combinations of packets and
> getting a reply from the server, too large a signature and we have
> massive UDP packets so more bandwidth and lag?
>
> 2) Key exchange,
>
> I guess that this can occur over caps using https as part of the
> login, if we trust https for login then it should be trustworthy for
> key exchange?
>
> Also would this be some kind of direct symmetrical private key or
> would this be a public/private key asymmetrical system where
> essentially anyone could verify a packet if they can obtain a
> server's/client's public key?
>
> Keys could also be re-negotiated periodically to keep the actual keys
> in use rotating to make packet sniffing for brute force harder.
>
>
> Any Thoughts?
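The ideas in this thread, sketched as an added example that is not code from the original post, from Linden Lab or from libopenmetaverse: `combine` follows the MD5 of TransactionID+SecureSessionID construction described above, and the packet functions assume, hypothetically, that the same login secret keys a truncated HMAC-SHA256 tag. The wire layout, the 4-byte sequence number, the tag length and the sample UUIDs are all constructed for illustration.

```python
import hashlib
import hmac
import struct
import uuid

TAG_LEN = 8  # assumed tag size in bytes; smaller saves bandwidth, eases guessing

# Constructed sample values, not real session data.
SECURE_SESSION_ID = uuid.UUID("11111111-2222-3333-4444-555555555555")
TRANSACTION_ID = uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")


def combine(first: uuid.UUID, second: uuid.UUID) -> uuid.UUID:
    """MD5 over the two concatenated 16-byte UUIDs, as the post describes."""
    return uuid.UUID(bytes=hashlib.md5(first.bytes + second.bytes).digest())


def _tag(key: bytes, body: bytes, tag_len: int) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()[:tag_len]


def sign_packet(key: bytes, seq: int, payload: bytes, tag_len: int = TAG_LEN) -> bytes:
    """Hypothetical layout: 4-byte sequence number || payload || truncated tag."""
    body = struct.pack("!I", seq) + payload
    return body + _tag(key, body, tag_len)


def verify_packet(key: bytes, packet: bytes, last_seq: int, tag_len: int = TAG_LEN):
    """Return (seq, payload) for a fresh, authentic packet, otherwise None."""
    if len(packet) < 4 + tag_len:
        return None  # too short to hold a sequence number and a tag
    body, tag = packet[:-tag_len], packet[-tag_len:]
    if not hmac.compare_digest(tag, _tag(key, body, tag_len)):
        return None  # injected or modified packet
    (seq,) = struct.unpack("!I", body[:4])
    if seq <= last_seq:
        return None  # replay of a packet that was already accepted
    return seq, body[4:]


if __name__ == "__main__":
    key = SECURE_SESSION_ID.bytes  # assumption: login secret reused as MAC key
    print("AssetID:", combine(TRANSACTION_ID, SECURE_SESSION_ID))
    pkt = sign_packet(key, 1, b"constructed payload")
    print("overhead bytes:", len(pkt) - len(b"constructed payload"))
    print("verified:", verify_packet(key, pkt, last_seq=0))
```

Passing a different `tag_len` to both functions shows the per-packet overhead that the bandwidth question in the thread is about.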