Re: Encryption Protocol for Game Network Traffic

First, thanks for the response! To address your first point, OpenSSL is not installed by default on Windows, which is my primary operating system. I listed some reasons why I don't want to use OpenSSL at the beginning of the post.

As a matter of fact, TLS 1.3 uses SHA-512 as part of the cipher suite which includes X25519. I am not aware of any new attacks on SHA-512 since 2017 when the RFC was published, so I assume that the people behind TLS knew about the ramifications of combining SHA-512 with X25519 when they made that decision. Nevertheless, it would be trivial to use any other hashing algorithm and I have actually looked into BLAKE2b, but haven't made my final decision yet. I don't think SHA-512 is a problem in and of itself, though.

Regarding Monocypher, it is not written by a cryptographer either from what I can tell, but I investigated it very carefully nevertheless. It looks quite good, but my one concern is that it doesn't seem to support the IV/counter construct which is used by TLS 1.3. The counter/IV approach makes it really convenient to send sequential messages. If I switch to XChaCha20 instead, I will be using a 192-bit IV instead of a 96-bit one, and if I cannot do the counter approach I would have to send 24 bytes for every message. That would bring the overhead of each message from 16 to 40 bytes, which is far from ideal. The 16-byte overhead comes from the Poly1305 tag, and right now I don't need to send either the IV or the counter over the network as they can be calculated by both parties based on the initial output from the key derivation function.

I do care about the overhead because I want to reduce network traffic as much as possible. For a single connection this is not a very big problem, but if a server is hosting a lot of games simultaneously it would quickly add up if packets are sent frequently.

I hope this reasoning makes sense. Thanks again for the feedback!

Kind regards,

Philip Bennefall

P.S. I did post an earlier draft of the protocol to the cryptography section of Stack Exchange, but it was considered off topic because it was too closely tied to my particular use case. I have tried to make it resemble TLS 1.3 rather closely though, so unless I have made some obvious mistake, I think it should be reasonably good.

-- 
Audiogames-reflector mailing list
Audiogames-reflector@sabahattin-gucukoglu.com
https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
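
The implicit counter/IV nonce discussed in the message above, as an added example that is not the poster's protocol or code: each 96-bit nonce is the static IV XORed with a 64-bit message counter, as in RFC 8446 section 5.3, so only the 16-byte Poly1305 tag travels with each message. It assumes the Python `cryptography` package purely for illustration; `record_nonce`, `Direction`, `demo` and the key material are hypothetical names and constructed values.

```python
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305

TAG_LEN = 16  # Poly1305 tag: the only per-message overhead on the wire


def record_nonce(static_iv: bytes, seq: int) -> bytes:
    """Left-pad the 64-bit counter to the IV length and XOR it with the IV."""
    if not 0 <= seq < 2**64:
        raise OverflowError("counter exhausted; rekey instead of wrapping")
    padded = seq.to_bytes(len(static_iv), "big")
    return bytes(a ^ b for a, b in zip(static_iv, padded))


class Direction:
    """One direction of the channel; both peers hold the same key and IV."""

    def __init__(self, key: bytes, static_iv: bytes):
        self._aead = ChaCha20Poly1305(key)
        self._iv = static_iv
        self._seq = 0  # implicit counter, never transmitted

    def seal(self, plaintext: bytes) -> bytes:
        nonce = record_nonce(self._iv, self._seq)
        self._seq += 1  # a nonce is never reused under the same key
        return self._aead.encrypt(nonce, plaintext, None)

    def open(self, wire: bytes) -> bytes:
        nonce = record_nonce(self._iv, self._seq)
        plaintext = self._aead.decrypt(nonce, wire, None)  # raises InvalidTag
        self._seq += 1  # advance only after the tag has verified
        return plaintext


def demo():
    # Constructed key and IV standing in for the key derivation output.
    key, iv = bytes(range(32)), bytes(range(12))
    sender, receiver = Direction(key, iv), Direction(key, iv)
    first, second = sender.seal(b"move north"), sender.seal(b"fire")
    overhead = len(first) - len(b"move north")
    try:
        receiver.open(second)  # second message arrives before the first
        reordered_ok = True
    except InvalidTag:
        reordered_ok = False  # receiver's counter did not match the sender's
    in_order = [receiver.open(first), receiver.open(second)]
    return overhead, reordered_ok, in_order
```

The scheme depends on ordered, lossless delivery: on a transport that can drop or reorder packets the two counters fall out of step, so the counter (not the whole nonce) would have to be carried with each message.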