Thought this was worth kicking around here for a discussion. It was mentioned by Soft that adding a cryptographic hash/signature to each UDP packet was on the way, and given that the last 2 security updates were both UDP packet injection issues this could be a very good thing, but there may be unforced pitfalls. This is not in any way aimed at LL, but it's easy to balls up cryptography (and I for one am certainly not an expert in the field).

The problems I see are:

1) Increase of packet size and therefore bandwidth. Is this going to be ALL UDP packets or just certain ones that are certainly more sensitive than others? Not applying to all still leaves a potential attack point but wastes bandwidth. This is also related to the size of the signature. If the signature is too small a brute force attack may be possible by just trying combinations of packets and getting a reply from the server; too large a signature and we have massive UDP packets, so more bandwidth and lag?

2) Key exchange. I guess that this can occur over caps using https as part of the login; if we trust https for login then it should be trustworthy for key exchange? Also, would this be some kind of direct symmetrical private key, or would this be a public/private key asymmetrical system where essentially anyone could verify a packet if they can obtain a server's/client's public key? Keys could also be re-negotiated periodically to keep the actual keys in use rotating, to make packet sniffing for brute force harder.

Any thoughts?

_______________________________________________
Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/SLDev
Please read the policies before posting to keep unmoderated posting privileges
