[sldev] 3rd party viewer policy post on blogs.secondlife.com

Frisby, Adam adam at deepthink.com.au
Wed Oct 21 11:31:24 PDT 2009

Previous message: [sldev] 3rd party viewer policy post on blogs.secondlife.com
Next message: [sldev] 3rd party viewer policy post on blogs.secondlife.com
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Not just hard, impossible.

The best you can get away with is obfuscation of a attached closed source (or obfuscated code) dependency that handles authentication. Which lasts about as long as it takes for someone to work out how it works (which generally isn't that long - hence the regular updates to things like punkbuster.)

Adam

> -----Original Message-----
> From: sldev-bounces at lists.secondlife.com [mailto:sldev-
> bounces at lists.secondlife.com] On Behalf Of Anders Arnholm
> Sent: Wednesday, 21 October 2009 11:27 AM
> To: Tigro Spottystripes
> Cc: Second Life Developer Mailing List; Anders Arnholm
> Subject: Re: [sldev] 3rd party viewer policy post on
> blogs.secondlife.com
> 
> 
> At first over view that idea sound so easy...
> But it's it really hard...
> 
> 
> On Wed, Oct 21, 2009 at 02:26:41PM -0200, Tigro Spottystripes wrote:
> > what I was thinking was that the viewer binary would somehow be
> signed
> > in a way that it could be verified as having been generated by
> someone
> > that has been given a trust key from LL, the exactly how part went
> > down the drain kinda
> >
> > Mike Dickson escreveu:
> > > How does that help validate a viewer is "certified"?  I can see a
> > > OTP to validate a user. The point with the GSM example is the
> source
> > > info is "tamper proof."  I don't see that here with a viewer,
> > > especially an open source one where source needs to be distributed.
> > >
> > > On Wed, 2009-10-21 at 15:59 +0000, Anders Arnholm wrote:
> > >
> > >> No the screat are probalt some muchg lnger than allen, it will be
> > >> trasforemed with an algoritm.
> > >>
> > >>     f(SKEY, Challange)
> > >>
> > >> Is what are going to be sent,  this to make sure that KEY are not
> > >> sent over the net and intercepter by anyone on the internet. The
> > >> problem some to the viewer have to be able to make the calculation
> > >> f(SKEY, Challange) to make this computation the coputer will need
> > >> to have both the function
> > >> f(k,c) and the SKEY someware. Whan you have both these to pices of
> > >> information in one computer figuring out f() and SKEY are a
> trivial
> > >> work.
> > >>
> > >
> > >
> > >
> > >
> >
> >
> > --
> > This message has been scanned for viruses and dangerous content by
> > MailScanner, and is believed to be clean.
> >
> 
> --
>       o_   Anders Arnholm,
>  o/  /\    anders at arnholm.se
> /|_, \\    http://anders.arnholm.se/
> /
> `

Previous message: [sldev] 3rd party viewer policy post on blogs.secondlife.com
Next message: [sldev] 3rd party viewer policy post on blogs.secondlife.com
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the SLDev mailing list