Am Mittwoch, 2. Januar 2002 22:56 schrieben Sie: > "Then the hook only need to listen on the network and it will get the > key..." > > It won't do any good to get hold of the public key. That's the beauty of > the public key system. You need both the private key and the public key to > decrypt the message. The private key is never sent over the network.
Actually, that's no problem. Remember you're man in the middle? There's a tool (ettercap) that can automatically log all SSH sessions on a switched (!) networked from an intruding PC. All that's required is that you're listening in the initial phase, so that you can replace the keys used. This is obviously the case for a cheater proxy. Now you're all forgetting another problem with the HL protocol. Protocols like ssh, https, etc... are stream-oriented which is crucial for the common advanced encryption algorithms. Because the internal state of the algorithm changes with the data, it cannot be applied to a packet-oriented protocol like HL's - packets can be dropped or delivered out of order, which would obviously mess up the algorithm. > The problem of the DLL having access to all the info known by the client is > a tough one which is why I was thinking of encrypting the player movement > packet as processed by the mod. If the legitimate client DLL encrypted the > movement packet before feeding it to the engine, the hack DLL would be SOL. > The hack would be forced to try to decrypt the message, modify it, then > re-encrypt using the keys known only by the client DLL and the server. The > trick here is keeping an outside DLL from discovering the private key of > the client DLL. Which is impossible. Even if there were no debuggers out there, you could still disassemble the client DLL. Sure, you can make things harder for the hackers. But you can't keep them out forever. cu, Prefect _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlcoders
