Julian Oliver wrote:
> right.. but what about a public/private key like exchange, similar to
> that which we use with SSH? the server generates a unique private key
> and stores that key in a private database matching it to a public key
> which it ships with the binary. just as with SSH, the software to generate
> the key is openly available but the unique public/private key combination
> itself is not easily reproducible: the server only allows one current
> connection from a signed binary client with the correct corresponding,
> registered public key.

This doesn't work - how exactly is the client protected against modification by a public key that *doesn't* depend on the content of the executable binary? Moreover, you cannot make the key secret - if we are speaking about an open source game, there is nowhere to hide it.

Public key crypto is not appropriate for this - the same as the music industry learned in the DRM case. Crypto is designed to work with *both* ends trusted and assumed secure and the transmission channel insecure - you are protecting the data in transit. If the remote end is untrusted (the game client), no crypto will save you. In the above example you will only protect the transmitted data from being sniffed or altered, but the client can still send junk (but properly authenticated!) and the server will be none the wiser.

Regards,

Jan
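Added example, not part of the original message or of the Soya project: a minimal server-side check showing that message authentication only proves possession of the shipped key, so the server must also validate what the client claims. It uses an HMAC with a key embedded in the client as a stand-in for the public-key scheme discussed above; the key, the `MAX_STEP` movement rule and all function names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed key: stands in for whatever key material ships with the client.
# In an open source game anyone can read it from the source or the binary.
CLIENT_KEY = b"constructed-key-shipped-with-client"
MAX_STEP = 5.0  # hypothetical game rule: max distance a player may move per tick


def sign(payload: dict, key: bytes = CLIENT_KEY) -> dict:
    """What any client, original or modified, can do once it holds the key."""
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


def authentic(msg: dict, key: bytes = CLIENT_KEY) -> bool:
    """Channel check: made with the key and not altered in transit."""
    expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["tag"])


def plausible(prev_pos, msg: dict) -> bool:
    """Server-side rule check: trusts nothing the client claims."""
    move = json.loads(msg["body"])
    dx = move["x"] - prev_pos[0]
    dy = move["y"] - prev_pos[1]
    return (dx * dx + dy * dy) ** 0.5 <= MAX_STEP


def server_accepts(prev_pos, msg: dict) -> bool:
    """Authentication alone is not enough; the claim must also obey the rules."""
    return authentic(msg) and plausible(prev_pos, msg)


# Constructed sample traffic.
HONEST = sign({"x": 3.0, "y": 4.0})    # 5 units from the origin: legal
JUNK = sign({"x": 900.0, "y": 0.0})    # impossible jump, but validly signed
TAMPERED = dict(HONEST, body=HONEST["body"].replace("3.0", "4.0"))  # altered in transit

if __name__ == "__main__":
    for name, msg in (("honest", HONEST), ("junk", JUNK), ("tampered", TAMPERED)):
        print(name, "authentic:", authentic(msg),
              "accepted:", server_accepts((0.0, 0.0), msg))
```

The junk message passes `authentic()` and is rejected only by `plausible()`, which runs on the trusted end.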
