Jump to content




Inbuilt Encryption


46 replies to this topic

#1 makerimages

  • Members
  • 236 posts

Posted 27 January 2014 - 11:00 AM

It would be great to have an inbuilt way of encrypting data, with most of the widespread forms: sha1, md5 and some of the sha-2 ones.

Would be great if we could encrypt no matter what, so we could to this:

local table={}
table[0]="Encrypt me!"
local encryped=textutils.encrypt(table,"sha-512") --Returns a table

Would also go very well with the new improved serialization coming in 1.6.

#2 CometWolf

  • Members
  • 1,283 posts

Posted 27 January 2014 - 12:35 PM

Encryption is so utterly meaningless in cc, and there's already APIs for encryptions. Personally i think it's better this way cause it forces people to learn about encryption if they wish to use it. Well unless they use the API that is...

#3 oeed

    Oversimplifier

  • Members
  • 2,095 posts
  • LocationAuckland, New Zealand

Posted 27 January 2014 - 04:01 PM

 CometWolf, on 27 January 2014 - 12:35 PM, said:

Encryption is so utterly meaningless in cc, and there's already APIs for encryptions. Personally i think it's better this way cause it forces people to learn about encryption if they wish to use it. Well unless they use the API that is...

I agree completely. People are always going on about how you need to encrypt passwords in your app. But, one, I can open your program and get the decrypting line of code. And two, why do you need a password for anything anyway?

#4 ElvishJerricco

  • Members
  • 803 posts

Posted 27 January 2014 - 05:02 PM

 oeed, on 27 January 2014 - 04:01 PM, said:

I can open your program and get the decrypting line of code.

Although I agree that adding encryption to CC on its own isn't a great idea, and encryption in general isn't a necessary for CC usages, what you said there is generally incorrect. Passwords are encrypted via hashing so you can check against the hash for correct passwords, but you cannot decrypt that password.

Edited by ElvishJerricco, 27 January 2014 - 05:03 PM.


#5 Engineer

  • Members
  • 1,378 posts
  • LocationThe Netherlands

Posted 27 January 2014 - 05:16 PM

Encryption is not the same as hashing:
Encryption: http://en.m.wikipedi...wiki/Encryption
Hashing: http://en.m.wikipedi...c_hash_function

Anyway, I think that CC is more intended to control your world, rather than locking doors :P However, it is implementable by yourself, and there are API's out there.

#6 oeed

    Oversimplifier

  • Members
  • 2,095 posts
  • LocationAuckland, New Zealand

Posted 27 January 2014 - 05:37 PM

 ElvishJerricco, on 27 January 2014 - 05:02 PM, said:

 oeed, on 27 January 2014 - 04:01 PM, said:

I can open your program and get the decrypting line of code.

Although I agree that adding encryption to CC on its own isn't a great idea, and encryption in general isn't a necessary for CC usages, what you said there is generally incorrect. Passwords are encrypted via hashing so you can check against the hash for correct passwords, but you cannot decrypt that password.
Yes, I am aware that they're different things. If hashing were used it'd be just as easy to get around it. Just edit the program.

#7 Symmetryc

  • Members
  • 434 posts

Posted 27 January 2014 - 06:18 PM

 oeed, on 27 January 2014 - 05:37 PM, said:

 ElvishJerricco, on 27 January 2014 - 05:02 PM, said:

 oeed, on 27 January 2014 - 04:01 PM, said:

I can open your program and get the decrypting line of code.

Although I agree that adding encryption to CC on its own isn't a great idea, and encryption in general isn't a necessary for CC usages, what you said there is generally incorrect. Passwords are encrypted via hashing so you can check against the hash for correct passwords, but you cannot decrypt that password.
Yes, I am aware that they're different things. If hashing were used it'd be just as easy to get around it. Just edit the program.
Hashing is a one way deal. Even if you got the hashed password, you wouldn't know the actual password (ignoring rainbow tables).

#8 Bomb Bloke

    Hobbyist Coder

  • Moderators
  • 7,099 posts
  • LocationTasmania (AU)

Posted 27 January 2014 - 07:28 PM

But if you captured a hash of a password, then would you need to know what the actual password was?

#9 Symmetryc

  • Members
  • 434 posts

Posted 27 January 2014 - 08:35 PM

Not necessarily, the program could look like this:
local pass = "heifnsjeoxhriei"
if sha256(read()) == pass then
  --# stuff
end
That way, when you try to do what oeed said, you would only see the hashed password, but not the actual one.

But this is sort of a moot point because if you were able to edit the program, you could just remove the password part of the code entirely :P.

#10 oeed

    Oversimplifier

  • Members
  • 2,095 posts
  • LocationAuckland, New Zealand

Posted 27 January 2014 - 09:05 PM

 Symmetryc, on 27 January 2014 - 08:35 PM, said:

But this is sort of a moot point because if you were able to edit the program, you could just remove the password part of the code entirely :P.

That's what I was try to say :P

#11 awsmazinggenius

  • Members
  • 930 posts
  • LocationCanada

Posted 27 January 2014 - 09:35 PM

You could block out fs.open(<file>, "w") until they enter a password to prevent that :)

#12 oeed

    Oversimplifier

  • Members
  • 2,095 posts
  • LocationAuckland, New Zealand

Posted 27 January 2014 - 09:50 PM

 awsmazinggenius, on 27 January 2014 - 09:35 PM, said:

You could block out fs.open(<file>, "w") until they enter a password to prevent that :)
Whack down a disk drive and a blank startup folder then reboot.

Security is essentially impossible in CC. Now, if you have a door lock 90% of people won't be able to open it. But those other 10% of people would be able to no matter what security you had (unless there was some block protection mod on the server and you hid the computer.)

But with the advent of the new PDAs I'm quite excited to see what will become of the door locks. Now you'll just need a hidden computer and a PDA. That's security.

Unless of course someone kills you and takes the PDA.

#13 robhol

  • Members
  • 182 posts

Posted 28 January 2014 - 12:43 AM

Everybody knows you can't have security without build protection, it's completely obvious. You know what's even easier than "hacking" a door lock? Chopping down the damn door. :P

#14 oeed

    Oversimplifier

  • Members
  • 2,095 posts
  • LocationAuckland, New Zealand

Posted 28 January 2014 - 12:46 AM

 robhol, on 28 January 2014 - 12:43 AM, said:

Everybody knows you can't have security without build protection, it's completely obvious. You know what's even easier than "hacking" a door lock? Chopping down the damn door. :P

Yes... now I think of it that'd be a lot easier :P

#15 surferpup

  • Members
  • 286 posts
  • LocationUnited States

Posted 28 January 2014 - 12:27 PM

I have fun by using wireless rednet to pass signals to a centrally protected computer that then issues the necessary commands to other computers to open/close stuff for me. But then again, all you have to do is intercept the signals, and viola! -- You have access to whatever you want. Minecraft is not built for security in game. It is built to have fun with your creations. If you are having problems with people breaking your stuff or constantly trying to hack you, sounds like you need to move to a new server or build your own. Just saying.

The only use I can see for encryption is as a teaching tool for those who use ComputerCraft to learn or teach about computer programming and networking constructs (consider Lyqyd's LyqydNet project). It is a very cool project, and one can learn a lot about networking from it. However, I do not believe Lyqyd's intent was to dominate the world of networking and build a impenetrable firewall or router with it. It is useful, and cool. I could see encryption projects in this same vein. Coolness, not security.

#16 robhol

  • Members
  • 182 posts

Posted 28 January 2014 - 03:17 PM

You actually can have security. All you need is insurance against physical tampering, (read: basic block protection that's been around for years) and then you can implement encryption. It's slow (because Lua) and cumbersome (because Lua), but it's certainly possible.

Edited by robhol, 28 January 2014 - 03:18 PM.


#17 oeed

    Oversimplifier

  • Members
  • 2,095 posts
  • LocationAuckland, New Zealand

Posted 28 January 2014 - 03:22 PM

 robhol, on 28 January 2014 - 03:17 PM, said:

You actually can have security. All you need is insurance against physical tampering, (read: basic block protection that's been around for years) and then you can implement encryption. It's slow (because Lua) and cumbersome (because Lua), but it's certainly possible.
If you have block protection then you don't need encryption. If you want security you need to use a touch monitor with the computer hidden.

#18 Bomb Bloke

    Hobbyist Coder

  • Moderators
  • 7,099 posts
  • LocationTasmania (AU)

Posted 28 January 2014 - 05:40 PM

That depends on whether or not you wish to use wireless communications. Sure, if you can wire everything up and hide it in your base, then encryption is a non-issue, but the moment you bring wireless modems into it...

#19 6677

  • Members
  • 197 posts
  • LocationCambridgeshire, England

Posted 28 January 2014 - 06:12 PM

Network traffic cross server can certainly be encrypted, but what on earth are you sending on a server that needs to be encrypted? I'd rather stick some wired modems in my base with block protection.

Always an educational exercise though.

#20 oeed

    Oversimplifier

  • Members
  • 2,095 posts
  • LocationAuckland, New Zealand

Posted 29 January 2014 - 01:25 AM

 Bomb Bloke, on 28 January 2014 - 05:40 PM, said:

That depends on whether or not you wish to use wireless communications. Sure, if you can wire everything up and hide it in your base, then encryption is a non-issue, but the moment you bring wireless modems into it...

Hmm, this'd be the one use for it really. But unless you're at nuclear war with someone I can't see it becoming to much of an issue.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users