reply below.. ----- Original Message ----- From: "Nicolai Haehnle" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 03, 2002 3:31 PM Subject: Re: [hlcoders] ogc required to play??
> Am Mittwoch, 2. Januar 2002 22:56 schrieben Sie: > > "Then the hook only need to listen on the network and it will get the > > key..." > > > > It won't do any good to get hold of the public key. That's the beauty of > > the public key system. You need both the private key and the public key to > > decrypt the message. The private key is never sent over the network. > > Actually, that's no problem. Remember you're man in the middle? There's a > tool (ettercap) that can automatically log all SSH sessions on a switched (!) > networked from an intruding PC. > > All that's required is that you're listening in the initial phase, so that > you can replace the keys used. This is obviously the case for a cheater proxy. > > Now you're all forgetting another problem with the HL protocol. Protocols > like ssh, https, etc... are stream-oriented which is crucial for the common > advanced encryption algorithms. Because the internal state of the algorithm > changes with the data, it cannot be applied to a packet-oriented protocol > like HL's - packets can be dropped or delivered out of order, which would > obviously mess up the algorithm. Game Programming Gems has a nice little section on network protocols and gives a few ideas of how to deal with the out of order problem, as well as getting around all but the most hardcore of packet sniffers by adding some random data to the end of your network packets tomake it a varible lenght and other handy stuff. _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlcoders
