



Inbuilt Encryption


46 replies to this topic

#21 robhol

  • Members
  • 182 posts

Posted 29 January 2014 - 02:06 AM

oeed, on 28 January 2014 - 03:22 PM, said:

If you have block protection then you don't need encryption. If you want security you need to use a touch monitor with the computer hidden.

Wut? Yes you do. It's just that no matter what kind of security you have, it's pointless if people can chop their way through your walls. If you're planning on communicating without eavesdropping or tampering, you WILL need some kind of protection.

#22 oeed

    Oversimplifier

  • Members
  • 2,095 posts
  • Location: Auckland, New Zealand

Posted 29 January 2014 - 02:12 AM

robhol, on 29 January 2014 - 02:06 AM, said:

oeed, on 28 January 2014 - 03:22 PM, said:

If you have block protection then you don't need encryption. If you want security you need to use a touch monitor with the computer hidden.

Wut? Yes you do. It's just that no matter what kind of security you have, it's pointless if people can chop their way through your walls. If you're planning on communicating without eavesdropping or tampering, you WILL need some kind of protection.
If you have block protection then people can't chop through walls.

#23 Luanub

    Lua Nub

  • Members
  • 1,135 posts
  • Location: Portland OR

Posted 29 January 2014 - 02:41 AM

Bomb Bloke, on 28 January 2014 - 05:40 PM, said:

That depends on whether or not you wish to use wireless communications. Sure, if you can wire everything up and hide it in your base, then encryption is a non-issue, but the moment you bring wireless modems into it...

You still don't need encryption to stop people from sending wireless messages in to "hack" your system. You just have to code your programs to where they are smart enough to only receive rednet messages from your computers and no others.

Block protection is really the only form of securing your systems that you need, since it stops the whole drop a disk drive and stick in a floppy with a blank startup trick which is the main thing you should worry about.

#24 Wojbie

  • Members
  • 631 posts
  • Location: Kinda lost

Posted 29 January 2014 - 04:20 AM

Luanub, on 29 January 2014 - 02:41 AM, said:

You still don't need encryption to stop people from sending wireless messages in to "hack" your system. You just have to code your programs to where they are smart enough to only receive rednet messages from your computers and no others.


How exactly will you differentiate "your" computer from someone else's computer that is masquerading as "your" computer?
You can't trust the sender ID because that is easy to fake. The only way I know for "secure" communication is encryption of the message (and that can still be broken when someone knows your algorithm).

Edited by wojbie, 29 January 2014 - 04:21 AM.
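
Added example, not part of any post in this thread: a Python model of the alternative to trusting the rednet sender ID that post #24 questions. Each message carries an HMAC-SHA256 tag over the sender ID, a counter and the payload, so a computer that only claims an ID, or replays a captured message, is rejected. The pre-shared key, the `seal` and `Receiver` names and the packet layout are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; assumed to be shared out of band (e.g. typed in by hand).
KEY = b"constructed-demo-key"


def _tag(key: bytes, body: str) -> bytes:
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest().encode()


def seal(key: bytes, sender_id: int, counter: int, payload: str) -> dict:
    """Wrap a payload so that sender ID, counter and text are all covered by the MAC."""
    body = json.dumps({"from": sender_id, "ctr": counter, "msg": payload},
                      sort_keys=True)
    return {"body": body, "tag": _tag(key, body).decode()}


class Receiver:
    """Accepts a packet only if its MAC verifies and its counter is fresh."""

    def __init__(self, key: bytes, trusted_ids):
        self.key = key
        self.last_ctr = {i: -1 for i in trusted_ids}  # highest counter seen per ID

    def accept(self, packet: dict):
        body, tag = packet.get("body"), packet.get("tag")
        if not isinstance(body, str) or not isinstance(tag, str):
            return None
        # Verify the MAC before parsing anything the sender controls.
        if not hmac.compare_digest(_tag(self.key, body), tag.encode()):
            return None
        fields = json.loads(body)
        sender, ctr = fields["from"], fields["ctr"]
        # The claimed ID is only believed because the MAC covers it.
        if sender not in self.last_ctr or ctr <= self.last_ctr[sender]:
            return None  # unknown sender, or a replayed/old message
        self.last_ctr[sender] = ctr
        return fields["msg"]
```

This authenticates messages but does not hide them: anyone listening on the channel can still read the payload.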


#25 theoriginalbit

    Semi-Professional ComputerCrafter

  • Moderators
  • 7,332 posts
  • Location: Australia

Posted 29 January 2014 - 04:34 AM

Luanub, on 29 January 2014 - 02:41 AM, said:

You still don't need encryption to stop people from sending wireless messages in to "hack" your system. You just have to code your programs to where they are smart enough to only receive rednet messages from your computers and no others.
Modems use channels... rednet uses modems... rednet is no longer a secure way to make sure you're sending messages to only specific IDs.

For example, take the following code, and assume it is running on an old version of ComputerCraft.

Computer ID: 1
rednet.open('left')
rednet.send(2, 'EHLO')

Computer ID: 2
rednet.open('left')
print(rednet.receive()) --# gets the message EHLO

Computer ID: 3
rednet.open('left')
print(rednet.receive()) --# does not get the message EHLO

Now let's make one small change, as well as upgrade to a version of ComputerCraft that has the modem API:

Computer ID: 1
rednet.open('left')
rednet.send(2, 'EHLO')

Computer ID: 2
rednet.open('left')
print(rednet.receive()) --# gets the message EHLO

Computer ID: 3
local modem = peripheral.wrap('left')
modem.open(2)
local event, side, sChannel, rChannel, msg = os.pullEvent("modem_message")
print(msg) --# oh look the message EHLO

Edited by theoriginalbit, 29 January 2014 - 04:41 AM.


#26 Wojbie

  • Members
  • 631 posts
  • Location: Kinda lost

Posted 29 January 2014 - 04:40 AM

theoriginalbit, on 29 January 2014 - 04:34 AM, said:

Computer ID: 3
local modem = peripheral.wrap('left')
local event, side, sChannel, rChannel, msg = os.pullEvent("modem_message")
print(msg) --# oh look the message EHLO

You forgot to open channel 2 in modem ;p

#27 theoriginalbit

    Semi-Professional ComputerCrafter

  • Moderators
  • 7,332 posts
  • Location: Australia

Posted 29 January 2014 - 04:41 AM

wojbie, on 29 January 2014 - 04:40 AM, said:

You forgot to open channel 2 in modem ;p
Whoops, thanks. I knew I was missing something.

Edited by theoriginalbit, 29 January 2014 - 04:42 AM.


#28 oeed

    Oversimplifier

  • Members
  • 2,095 posts
  • Location: Auckland, New Zealand

Posted 29 January 2014 - 05:05 AM

So, I think we can conclude after various examples and discussions that security without block protection is pretty much impossible, and even if it weren't, pointless.

#29 Wojbie

  • Members
  • 631 posts
  • Location: Kinda lost

Posted 29 January 2014 - 05:09 AM

oeed, on 29 January 2014 - 05:05 AM, said:

So, I think we can conclude after various examples and discussions that security without block protection is pretty much impossible, and even if it weren't, pointless.

But encryption will still be interesting as a challenge and something fun to work on ;p Not 100% useful but interesting ;p

#30 oeed

    Oversimplifier

  • Members
  • 2,095 posts
  • Location: Auckland, New Zealand

Posted 29 January 2014 - 05:16 AM

wojbie, on 29 January 2014 - 05:09 AM, said:

oeed, on 29 January 2014 - 05:05 AM, said:

So, I think we can conclude after various examples and discussions that security without block protection is pretty much impossible, and even if it weren't, pointless.

But encryption will still be interesting as a challenge and something fun to work on ;p Not 100% useful but interesting ;p

Oh of course, if you want to do it as a challenge go right ahead. It's just in the grand scheme of things it's not going to prevent much. But by all means, have at it.

#31 Luanub

    Lua Nub

  • Members
  • 1,135 posts
  • Location: Portland OR

Posted 29 January 2014 - 05:21 AM


This even supports my statement even more.

There are 65535 channels, and any one given computer can only open 128 channels at a time. That means in order to be listening to every single channel at any given point in time you would have to have 512 computers on recording the messages.

With a little work you could make finding your IDs (or even catching one of your messages) very unlikely.

Edited by Luanub, 29 January 2014 - 05:22 AM.


#32 Wojbie

  • Members
  • 631 posts
  • Location: Kinda lost

Posted 29 January 2014 - 05:26 AM

Luanub, on 29 January 2014 - 05:21 AM, said:

This even supports my statement even more.

There are 65535 channels, and any one given computer can only open 128 channels at a time. That means in order to be listening to every single channel at any given point in time you would have to have 512 computers on recording the messages.

With a little work you could make finding your IDs (or even catching one of your messages) very unlikely.

You forget that one computer can have more than one modem - that lowers scanner side to measly 86 computers. This becomes possible ;p
In the end this discussion is pointless because for each trick there is counter-trick.

#33 theoriginalbit

    Semi-Professional ComputerCrafter

  • Moderators
  • 7,332 posts
  • Location: Australia

Posted 29 January 2014 - 05:30 AM

Luanub, on 29 January 2014 - 05:21 AM, said:

This even supports my statement even more.

There are 65535 channels, and any one given computer can only open 128 channels at a time. That means in order to be listening to every single channel at any given point in time you would have to have 512 computers on recording the messages.
Haha, no it really doesn't support your statement :P
Also I count 86 computers, not 512. 65535/128/6=85.3

Luanub, on 29 January 2014 - 05:21 AM, said:

With a little work you could make finding your IDs (or even catching one of your messages) very unlikely.
*yawn* here is just a simplistic method that I've not even bothered to think more than 2 seconds about and I already know it would work on most servers, with a little bit more work it would work on all servers!

Step 1. Place down computer
Step 2. Make program with following on a disk
local max = os.computerID()
local modem = peripheral.wrap("left")

for i = 1, max do
  modem.open(i)
end

local _, _, sChannel, rChannel, msg = os.pullEvent("modem_message")

print("#"..rChannel.." sent a message to #"..sChannel.." saying: "..msg)
Step 3. Every few days re-place the computer (make sure not to label the computer, we want a new ID, hence suggesting the floppy in the previous step)
Step 4. ???
Step 5. Profit

Edited by theoriginalbit, 29 January 2014 - 05:32 AM.


#34 ElvishJerricco

  • Members
  • 803 posts

Posted 29 January 2014 - 05:57 AM

Luanub, on 29 January 2014 - 05:21 AM, said:

With a little work you could make finding your IDs (or even catching one of your messages) very unlikely.

You've actually kinda got something there. I tried to write an API for something like this a while back but ultimately I didn't want to spend the time to implement a cryptographically secure pseudo random number generator (CSPRNG for short). The idea is that you and another computer establish a common seed that no one else knows. Then you use that seed for the CSPRNG, which spits out numbers. Every time one of you sends a message, you both switch to the channel given by the next number from the generator. Because you share a seed, you will always be on the same channel. And because no one else has that seed, they won't be able to predict what channel you will be on.

Of course if you're going through all that effort, you might as well just use public/private key encryption instead. More secure and doesn't require a shared secret.

#35 theoriginalbit

    Semi-Professional ComputerCrafter

  • Moderators
  • 7,332 posts
  • Location: Australia

Posted 29 January 2014 - 06:04 AM

ElvishJerricco, on 29 January 2014 - 05:57 AM, said:

And because no one else has that seed, they won't be able to predict what channel you will be on.
The seed has to be shared at some point, plus the generators would have to have some other factor to them to make sure that both the computers get the same channel — since they cannot share the new channel info with each other — meaning that it will be some kind of formula, one that can easily be 'hacked'; as long as the initial seed message is received...

Edited by theoriginalbit, 29 January 2014 - 06:05 AM.


#36 Wojbie

  • Members
  • 631 posts
  • Location: Kinda lost

Posted 29 January 2014 - 06:08 AM

theoriginalbit, on 29 January 2014 - 06:04 AM, said:

ElvishJerricco, on 29 January 2014 - 05:57 AM, said:

And because no one else has that seed, they won't be able to predict what channel you will be on.
The seed has to be shared at some point, plus the generators would have to have some other factor to them to make sure that both the computers get the same channel — since they cannot share the new channel info with each other — meaning that it will be some kind of formula, one that can easily be 'hacked'; as long as the initial seed message is received...
And if seed is static then system becomes predictable (first message is always on channel x next on y) and can be cracked given time and some cute program that captures this preset - as I said for each trick there is counter-trick.

#37 6677

  • Members
  • 197 posts
  • Location: Cambridgeshire, England

Posted 29 January 2014 - 06:27 AM

I would propose a system which opened all 128 channels for a minute or so, then closes them and opens the next 128 channels and repeats until all channels are covered at which point it loops back (additional modems could speed this up). Any channels with activity are logged to a file. Leave it there a few days and eventually it will pick something up. A variation of the program could then carry on monitoring the channels you think are being used to confirm communications before you finally get in and attempt to hack the system. Although this is why next time I find myself on a computercraft server none of my base systems will be available on wireless. Wired connection requires physical tapping into the network cable which can easily be prevented with block protections.

#38 Wojbie

  • Members
  • 631 posts
  • Location: Kinda lost

Posted 29 January 2014 - 06:31 AM

6677, on 29 January 2014 - 06:27 AM, said:

I would propose a system which opened all 128 channels for a minute or so, then closes them and opens the next 128 channels and repeats until all channels are covered at which point it loops back (additional modems could speed this up). Any channels with activity are logged to a file. Leave it there a few days and eventually it will pick something up. A variation of the program could then carry on monitoring the channels you think are being used to confirm communications before you finally get in and attempt to hack the system. Although this is why next time I find myself on a computercraft server none of my base systems will be available on wireless. Wired connection requires physical tapping into the network cable which can easily be prevented with block protections.

Better yet - code it into Portable PC - run it in background and get location from GPS each time you captured something - with x tries you could triangulate position and get id of every talking computer in areas you walk in ;p ... You know what? I am gonna code it for myself ;p

As for wireless access? Make a firewall/repeater computer that sits between Wireless and Wired ;p Only one source of communication - easier to code some kind of access system ;p

On that note I think this discussion is getting more into discussion territory than suggestions one.

Edited by wojbie, 29 January 2014 - 06:34 AM.


#39 Buho

  • Members
  • 110 posts

Posted 29 January 2014 - 07:10 AM

Quote

Minecraft is not built for security in game.
You know what else is not built for security? The Internet. Not the way it was originally designed. But smart people have built ways around this vulnerable architecture. Likewise we can with Minecraft. Encrypt or hash everything going over rednet and you'll be off to the races.

I vote no: if you want encryption or hashing, write your own SHA implementation. Easier: write your own ROT-13 ;) The 10% that oeed said can get in? This will easily throw 90% of them ;)

Yes, encryption and hashing are great ideas in CC: CC is for more than door passwords; encryption can protect your rednet. And writing your own encryption, authentication, and authorization are great learning tools!

#40 ElvishJerricco

  • Members
  • 803 posts

Posted 29 January 2014 - 01:37 PM

wojbie, on 29 January 2014 - 06:08 AM, said:

theoriginalbit, on 29 January 2014 - 06:04 AM, said:

ElvishJerricco, on 29 January 2014 - 05:57 AM, said:

And because no one else has that seed, they won't be able to predict what channel you will be on.
The seed has to be shared at some point, plus the generators would have to have some other factor to them to make sure that both the computers get the same channel — since they cannot share the new channel info with each other — meaning that it will be some kind of formula, one that can easily be 'hacked'; as long as the initial seed message is received...
And if seed is static then system becomes predictable (first message is always on channel x next on y) and can be cracked given time and some cute program that captures this preset - as I said for each trick there is counter-trick.


CSPRNGs are a well researched field. These algorithms are not simply "cracked" given time and "cute programming." The only way to get the same sequence is to have the seed, which cannot be reverse engineered by the definition of the term CSPRNG. The only problem is getting the seed shared, but that's why you'd only use this if you and another person already shared the secret.

theoriginalbit, on 29 January 2014 - 06:04 AM, said:

plus the generators would have to have some other factor to them to make sure that both the computers get the same channel

No. PRNGs are deterministic. They just look random. Given the same seed, you will get the same sequence. CSPRNGs are the same, just with much more secure algorithms.

So if both sides know the seed beforehand, they will never be on a predictable channel from someone else's POV and they will always be on a predictable channel from each other's POVs, again, by the definition of CSPRNG.

Edited by ElvishJerricco, 29 January 2014 - 01:38 PM.
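
Added example, not part of any post in this thread: a Python model of the shared-seed channel hopping described in posts #34 and #40. HMAC-SHA256 keyed with the seed stands in for the CSPRNG (the thread names no algorithm), and the listener keeps a small window of upcoming channels open so that a lost message does not desynchronise the two sides. The `channel_at` and `Listener` names, the window size and the seed values are assumptions.

```python
import hashlib
import hmac

CHANNELS = 65535  # channel count quoted in the thread
MAX_OPEN = 128    # per-computer open-channel limit quoted in the thread


def channel_at(seed: bytes, step: int) -> int:
    """Channel for message number `step`: HMAC-SHA256(seed, step) mapped to 1..CHANNELS."""
    block = hmac.new(seed, step.to_bytes(8, "big"), hashlib.sha256).digest()
    # Read the output 16 bits at a time and skip 0, so every channel in
    # 1..65535 is equally likely (no modulo bias).
    for i in range(0, len(block), 2):
        value = int.from_bytes(block[i:i + 2], "big")
        if value != 0:
            return value
    raise ValueError("MAC output was all zero bytes")


class Listener:
    """Receiving side: keeps a window of upcoming channels open to survive lost messages."""

    def __init__(self, seed: bytes, window: int = 8):
        if not 1 <= window <= MAX_OPEN:
            raise ValueError("window must fit in the open-channel limit")
        self.seed, self.step, self.window = seed, 0, window

    def open_channels(self):
        return [channel_at(self.seed, self.step + k) for k in range(self.window)]

    def on_message(self, channel: int) -> bool:
        """Advance past the step the message arrived on; False if outside the window."""
        upcoming = self.open_channels()
        if channel not in upcoming:
            return False
        self.step += upcoming.index(channel) + 1
        return True
```

Hopping only hides which channel carries the next message; a scanner that cycles through channels, as in post #37, can still capture one, so the contents need their own protection.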





