Topic: Cryptography Implementation Discussion

I think it would be best for us to get the entropy from the host mashing on the keyboard for a few seconds.



Okay, as long as it's the host's player and not somebody else's.


I don't think we can get the keyboard input directly on a dedicated server. They would have to do something like this:
Code:
entropy( "aiughareuighdioaguhduioafghduioaghdiagh" );


See how often a, g, and h clump together? Or u and i? You probably weren't trying your hardest, but do you think the average "why do I have to do this anyway' guy is going to try THEIR hardest? Plus letters probably tend to clump regardless, just because of how the human brain works. We don't really generate true randomness, as any of the pro rock-paper-scissors players can tell you.


Yep.

We would probably be better off doing what Lugnut said and have the host player move around. We could make it so that they have to go a certain distance before they can stop.

Even if you only use 16 out of the >64 different characters available on the average keyboard, and assuming that the text has ~4/8 bits of entropy per character, as long as we get a sufficient number of characters (ex. 120) we can use sha1 to generate sufficient randomness from each 30 or so characters and still get a very good amount of entropy, around 240 bits worth. (16^(30*4/8))^(120/30) == 2^240

In other words it would be easier to brute force the sha1 hash for collisions (which, mind you, not a single one has been found to date) than actually try to decipher the plaintext.
« Last Edit: January 20, 2014, 03:36:18 PM by Ipquarx »
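Here is an added Python check (not code from this thread or the add-on) that puts numbers on the estimate above using the mash string quoted earlier: the order-0 entropy of the sample, the entropy of each key given the one typed before it (which is what the "a, g and h clump together" objection is really about), and the bits the chunked-SHA-1 scheme credits at the thread's assumed 2 bits per character (4 bits at ~4/8 yield) versus the measured value. The function names, the 2.0 default and the 160-bit cap per SHA-1 output are this example's own assumptions.

```python
import hashlib
import math
from collections import Counter

# Constructed sample: the keyboard-mash string quoted in the thread.
MASHED = "aiughareuighdioaguhduioafghduioaghdiagh"

def shannon_bits_per_char(s: str) -> float:
    """Order-0 empirical entropy in bits per character: what each key is
    worth if you ignore what was typed before it."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def conditional_bits_per_char(s: str) -> float:
    """H(next key | previous key): the figure that matters once fingers
    clump ('gh', 'ui', 'io'). Much lower than the order-0 value."""
    pairs = Counter(zip(s, s[1:]))
    prev = Counter(s[:-1])
    n = len(s) - 1
    return -sum(c / n * math.log2(c / prev[a]) for (a, _), c in pairs.items())

def credited_bits(s: str, chunk: int = 30, bits_per_char: float = 2.0) -> float:
    """Entropy credited by the thread's scheme: each full chunk of `chunk`
    characters is hashed with SHA-1, so one chunk can contribute at most 160
    bits no matter how much was typed. The 2.0 default is the thread's
    assumption (4 bits per char at ~4/8 yield); pass a measured value to see
    what the real string is worth."""
    full_chunks = len(s) // chunk
    return full_chunks * min(chunk * bits_per_char, 160.0)

def pool(s: str, chunk: int = 30) -> bytes:
    """Concatenate the SHA-1 digest of each full chunk (the pooling idea
    from the thread). Hashing never adds entropy, it only compresses it."""
    return b"".join(
        hashlib.sha1(s[i:i + chunk].encode()).digest()
        for i in range(0, len(s) - chunk + 1, chunk)
    )

if __name__ == "__main__":
    h0 = shannon_bits_per_char(MASHED)
    h1 = conditional_bits_per_char(MASHED)
    print(f"order-0: {h0:.2f} bits/char, given previous key: {h1:.2f} bits/char")
    print(f"credited at assumed 2 bits/char: {credited_bits(MASHED):.0f} bits")
    print(f"credited at measured {h1:.2f} bits/char: {credited_bits(MASHED, bits_per_char=h1):.0f} bits")
    print(f"pooled SHA-1 output: {len(pool(MASHED)) * 8} bits")
```

The sample comes out near 3.1 bits per key on its own and near 1 bit per key once the previous key is known, so the 30-character chunk is credited with about 30 bits rather than the 60 the estimate assumes.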

Well then what do you suggest? Do we have some sort of variable somewhere that has some user input and a script that generates random seeds out of that?
Hey, I came across this a while back.

http://www.random.org/files/

You could download one of these text files and load it as a string. You could then pick a random position from that string and read a few bytes of binary starting from that position. Then you could take those bytes and convert them into an integer.

~30 files, (2 + 1/12) years worth, so 30 * (2 + 1/12) text files
how much data is that?
8,388,608 bits == 1048576 bytes == 1024 kilobytes? == 1 megabyte

therefore, one megabyte per day. 365 days in a year, 20 days into this year, 385MB of data to download all the random files

from there, work your way through brute forcing every possible "few bytes of binary"
upon successful discovery of the random file that created the secret key that corresponds to the public key, or however the math works, i'm presently foggy....
because the file would be hardcoded into the add-on...
you now have the secret

wtf am i even talking about, 1MB of random seed data from which ALL KEYS ARE GENERATED comes from one dinkyass file included in the goddamned add-on

no no no no that simply will NOT work

does anyone know how long it would take to make a rainbow table of all possible private keys from 1MB of source random data? like a day at the extreme upper end? an hour? ten minutes?
Code:
entropy( "aiughareuighdioaguhduioafghduioaghdiagh" );
logged in the console
we're cutting corners a bit too much for my comfort, we're leaving gaps in this all over the loving place. there's a difference between making mathematical algorithms precisely, and leaving doors for the numbers to be observed at all kinds of different places
it's like having love with your blinds open
if they don't deviate from a straight line enough (say we do linear regression with the points they travel to at the same time the randomness generator samples stuff, linreg has an "r" variable which is more or less how accurate the line of best fit is) if that line isn't a really stuffty fit (aka they more or less walked a straight line) then they have to keep doing random stuff until it is
this sets a lower limit on how not-random it is.
unless i'm horribly mistaken, it just has to be not-reproducible and not brute forceable (i'm pretty sure neither of those is words)
you make a sound point for a form of side channel attack, but that'd be pretty sophisticated.
« Last Edit: January 20, 2014, 07:22:56 PM by Lugnut »
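As an added example (not code from this thread or the add-on), here is the movement gate in Python: the "go a certain distance before they can stop" rule from earlier in the thread combined with the regression-r test above, using assumed thresholds and constructed sample paths. It also shows the case the r check cannot catch, a circle, which scores r near 0 while being completely predictable.

```python
import math

# Constructed sample paths (not game data): a zigzag walk, a straight line,
# and eight evenly spaced points on a circle of radius 10.
ZIGZAG = [(0, 0), (2, 1), (2, -1), (4, 2), (4, -2), (6, 1), (6, -1), (8, 3), (8, -3), (10, 0)]
STRAIGHT = [(i, 2 * i) for i in range(10)]
CIRCLE = [(10 * math.cos(k * math.pi / 4), 10 * math.sin(k * math.pi / 4)) for k in range(8)]

def path_length(points):
    """Total distance walked between consecutive position samples."""
    return sum(math.dist(a, b) for a, b in zip(points, points[1:]))

def pearson_r(points):
    """The 'r' of a linear regression over the sampled (x, y) positions.
    |r| near 1 means the host walked a near-straight line. Moving along a
    single axis makes the textbook formula divide by zero, but it is still a
    straight line, so that degenerate case is reported as 1.0."""
    n = len(points)
    mx = sum(x for x, _ in points) / n
    my = sum(y for _, y in points) / n
    sxy = sum((x - mx) * (y - my) for x, y in points)
    sxx = sum((x - mx) ** 2 for x, _ in points)
    syy = sum((y - my) ** 2 for _, y in points)
    if sxx == 0 or syy == 0:
        return 1.0
    return sxy / math.sqrt(sxx * syy)

def walk_accepted(points, min_distance=20.0, max_abs_r=0.5, min_samples=8):
    """Keep sampling until the host has covered min_distance AND the samples
    are not well fit by a line. The thresholds are assumed values, not
    anything the add-on specifies. Limitation: a low |r| only rules out
    straight lines; a circle or a rehearsed dance routine also scores near
    0, so this is a sanity floor, not a measurement of entropy."""
    if len(points) < min_samples:
        return False
    if path_length(points) < min_distance:
        return False
    return abs(pearson_r(points)) <= max_abs_r

if __name__ == "__main__":
    for name, pts in (("zigzag", ZIGZAG), ("straight", STRAIGHT), ("circle", CIRCLE)):
        print(f"{name}: length={path_length(pts):.1f} r={pearson_r(pts):.2f} accepted={walk_accepted(pts)}")
```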

Whoa, dude. I was just pointing towards a potential alternative to the getRandom function.

What's the actual goal here by the way? (Like what's "the add-on"?)

What we're discussing is some way to hopefully generate secure random numbers.

logged in the console
Good point. Maybe have the server host use a slash command when they spawn? I'm pretty sure the chat length limit would allow that so long as they don't prefix their randomness with 20 spaces...


I'd prefer the random movement thing. It's much more random/harder to reproduce.

Fair enough. I'll get to work on that.

wtfno

no, there is no "prefer" (no offense)
unless the method will definitely forget up the entire thing, there is no reason to not include both and require them to do X walking/dancing/jumping/looking and 30 characters of random stuff via servercmd. we now have random position numbers, and random text-data.

can someone explain how also reading the other player's position/rotation IN ADDITION TO THE HOST would be bad?
Allow input from all players on the server - at worst their input is predetermined and useless, at best their input increases the entropy greatly
we also should think about some kind of "antivirus" or anti-tampering mechanism or something, if possible. Could we export the mod to main.cs upon first install, then whenever the game launches, the mod will be in ram. when the game shuts down, disable all other packages... maybe verify the integrity of the export function, somehow? and then write to the main.cs again? basically, by being the alpha mod loaded in and the omega mod shut down, we can circumvent other add-ons tampering

that's the theory anyway, it needs work. i've been putting thought into an "antivirus" mod for blockland, you see.
« Last Edit: January 20, 2014, 11:33:20 PM by Lugnut »

Lugnut it ain't possible to do that. If you wanna try I will be more than happy to write something that gets past it.

i know it can't prevent external attacks, and it's a stretch to prevent internal ones... just a thought.

Sure, I never said that we couldn't do both. Just as long as it isn't only a server command and it isn't only a single, non-host player moving.


That's basically the way I would write a Blockland virus, but that won't work here. If there's a script with malicious intent, all it has to do is overwrite whatever function or disable whatever our package uses, and then delete main.cs.