On Sat, 25 May 2002, Bob Tanner wrote:

> Can someone explain how the RSA (blessed clients) works?

You should be able to find some good explanations already written if you search a bit.

> What prevents a man-in-the-middle attack?

Not much.

> I believe the public key is embedded in the binary and the private key is on the
> metaserver, right?

The private key is in the client. The only difference between the private and public key is that one is kept private and one isn't.

> What prevents a user from picking out the embedded key and using it (writing
> some code) to make a borg client that masquerades as a blessed binary?

It's really hard to pick it out of the client. The key data never appears in the client; rather, the RSA mkkey program generates a bunch of C code that has the same effect as performing the RSA computation with the private key. Figuring out the private key from the compiled code would be really hard.

The easiest way to hack netrek is to somehow replace the getpeername() call in the C library or operating system. Then you can trick a real client into authenticating your borg.

Netrek's RSA keys are really short, so you can just crack them by brute force too.

One would get much more security if you used the RSA mechanism to send a key for a fast symmetric cypher. Then use that key to encrypt the game traffic.
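The two designs contrasted in the reply, modelled side by side as an added example (this is not Netrek's code or its mkkey output; the key material, packet format and toy cipher are all constructed here). Scheme 1 is the challenge-response as the reply describes it: the client applies the embedded exponent to a server challenge and the server undoes it with its exponent, which authenticates the binary but ties nothing that follows to that exchange. Scheme 2 is the proposed improvement: the same RSA keys seal a fresh symmetric session key to the client, and every game packet is then encrypted and MAC-authenticated under it, so a party that does not hold the client's exponent can neither read nor alter the traffic. The modulus is built from two well-known Mersenne primes on purpose, to make the point about short, guessable keys; it must never be used for anything real.

```python
"""Toy model of Netrek-style RSA client blessing versus RSA key transport.

Added example, not Netrek code.  All parameters below are constructed:
the modulus uses publicly known Mersenne primes (guessable by design), the
packet layout is invented, and the stream cipher is an HMAC-based toy.
Requires Python 3.8+ (pow(e, -1, m) for the modular inverse).
"""
from __future__ import annotations

import hashlib
import hmac
import secrets

# --- constructed RSA parameters (toy sized; real keys are >= 2048 bits) ----
P = (1 << 89) - 1                     # Mersenne prime 2^89 - 1, publicly known
Q = (1 << 107) - 1                    # Mersenne prime 2^107 - 1, publicly known
N = P * Q                             # ~196-bit modulus
E = 65537                             # exponent held by the server ("public")
D = pow(E, -1, (P - 1) * (Q - 1))     # exponent compiled into the client ("private")


# --- Scheme 1: challenge-response as described in the reply -----------------
def client_answer(challenge: int) -> int:
    """The blessed client's RSA operation with its embedded exponent."""
    return pow(challenge, D, N)


def server_verify(challenge: int, answer: int) -> bool:
    """Server undoes the client's operation with the other exponent."""
    return pow(answer, E, N) == challenge % N


def challenge_response_round() -> bool:
    """One authentication round.  Note: no session state results from it."""
    r = secrets.randbelow(N)
    return server_verify(r, client_answer(r))


# --- Scheme 2: RSA seals a session key, traffic is encrypted + MAC'd -------
def server_wrap_session_key() -> tuple[bytes, int]:
    """Server picks a fresh 128-bit session key and seals it under E."""
    k = secrets.token_bytes(16)        # 2^128 < N, so the key fits in one RSA block
    return k, pow(int.from_bytes(k, "big"), E, N)


def client_unwrap_session_key(sealed: int) -> bytes:
    """Only a holder of D (a genuine client) can recover the session key."""
    return pow(sealed, D, N).to_bytes(16, "big")


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    # Toy CTR-style keystream: HMAC-SHA256 over (packet sequence, block index).
    out = b""
    for block in range((length + 31) // 32):
        msg = seq.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[:length]


def seal_packet(key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one game packet; the sequence number defeats replay."""
    ks = _keystream(key, seq, len(plaintext))
    body = seq.to_bytes(8, "big") + bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(key, body, hashlib.sha256).digest()[:16]
    return body + tag


def open_packet(key: bytes, expected_seq: int, packet: bytes) -> bytes | None:
    """Return the plaintext, or None if the packet was forged, altered or replayed."""
    body, tag = packet[:-16], packet[-16:]
    want = hmac.new(key, body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(want, tag):
        return None                    # MAC failure: modified or forged
    seq = int.from_bytes(body[:8], "big")
    if seq != expected_seq:
        return None                    # replayed or reordered
    ct = body[8:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, seq, len(ct))))


def session_demo() -> dict:
    """Run scheme 2 end to end and record what a party without D cannot do."""
    k_server, sealed = server_wrap_session_key()
    k_client = client_unwrap_session_key(sealed)
    pkt = seal_packet(k_client, 0, b"TORP 12 34")       # constructed game packet
    tampered = pkt[:8] + bytes([pkt[8] ^ 1]) + pkt[9:]  # one ciphertext bit flipped
    return {
        "keys_agree": k_server == k_client,
        "genuine_accepted": open_packet(k_server, 0, pkt) == b"TORP 12 34",
        "tampered_rejected": open_packet(k_server, 0, tampered) is None,
        "replay_rejected": open_packet(k_server, 1, pkt) is None,
    }


if __name__ == "__main__":
    print("scheme 1 authenticates:", challenge_response_round())
    print("scheme 2:", session_demo())
```

The design choice worth noticing is which direction the RSA operation runs: in scheme 2 the server, holding only E, seals the key, so recovering it requires D, and every subsequent packet that verifies is evidence that the peer holds the blessed client's exponent. The caveat the reply already raises still applies: if D can be pulled out of the binary, or the modulus is small enough to factor, neither scheme helps.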