On Sat, 25 May 2002, Bob Tanner wrote:
> Can someone explain how the RSA (blessed clients) works?

You should be able to find some good explanations already written if you
search a bit.

> What prevents a man-in-the-middle attack?

Not much.

>
> I believe the public key is embedded in the binary and the private key is on the
> metaserver, right?

The private key is in the client.  The only difference between the private and
public key is that one is kept private and one isn't.

> What prevents a user from picking out the embedded key and using it (writing
> some code) to make a borg client that masquerades as a blessed binary?

It's really hard to pick it out of the client.  The key data never appears in
the client, rather RSA mkkey program generates a bunch of C code that has the
same effect as performing the RSA computation with the private key.  Figuring
out the private key from the compiled code would be really hard.

The easiest way to hack netrek is to somehow replace the getpeername() call in
the C library or operating system.  Then you can trick a real client into
authenticating your borg.

Netrek's RSA keys are really short, so you can just crack them by brute force
too.

One would get much more security if you used the RSA mechanism to send a key
for a fast symmetric cypher.  Then use that key to encrypt the game traffic.
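The closing suggestion, as an added illustration that is not part of this thread or of Netrek's own RES-RSA code: the side holding the public key (the server, since the page places the private key in the client) wraps a fresh random session key with RSA, the client unwraps it with its private key, and both sides then protect the game traffic with a fast symmetric layer keyed from that secret. Everything below is stdlib-only and constructed for demonstration: the RSA arithmetic is textbook (no OAEP padding), the primes are generated inline at a toy 256-bit size, and the symmetric layer is an HMAC-SHA256 keystream plus an HMAC tag standing in for a real AEAD cipher. Function names such as `server_wrap_session_key` and `client_unwrap` are assumptions, not Netrek API.

```python
"""Hybrid RSA + symmetric protection of game traffic (added example, not Netrek code)."""
import hashlib
import hmac
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test; enough for a demonstration-sized prime."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    """Random odd candidate with the top bit set, retried until probably prime."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits=256):
    """Textbook RSA key pair. 256-bit primes are a toy size chosen for speed;
    the thread's point about short keys applies: real use needs far larger moduli."""
    e = 65537
    while True:
        p, q = gen_prime(bits), gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))


def server_wrap_session_key(client_pub):
    """Server picks a fresh 256-bit session key and RSA-encrypts it to the client's public key.
    No padding is applied here; a real protocol would use RSA-OAEP."""
    n, e = client_pub
    session = secrets.token_bytes(32)
    return session, pow(int.from_bytes(session, "big"), e, n)


def client_unwrap(client_priv, wrapped):
    """Client recovers the session key with its (embedded) private key."""
    n, d = client_priv
    return pow(wrapped, d, n).to_bytes(32, "big")


def derive_keys(session):
    """Split the shared secret into separate encryption and MAC keys."""
    enc = hmac.new(session, b"game-enc", hashlib.sha256).digest()
    mac = hmac.new(session, b"game-mac", hashlib.sha256).digest()
    return enc, mac


def keystream(enc_key, nonce, length):
    """Counter-mode keystream built from HMAC-SHA256 (stands in for a real stream cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(keys, plaintext):
    """Encrypt-then-MAC one game packet: nonce || ciphertext || tag."""
    enc_key, mac_key = keys
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_packet(keys, sealed):
    """Verify the tag in constant time before decrypting; reject anything modified in flight."""
    enc_key, mac_key = keys
    nonce, ct, tag = sealed[:16], sealed[16:-32], sealed[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad MAC: packet modified or wrong session key")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))


def tamper_detected(keys, sealed):
    """Flip one ciphertext bit and report whether the receiver rejects the packet."""
    broken = bytearray(sealed)
    broken[16] ^= 0x01
    try:
        open_packet(keys, bytes(broken))
        return False
    except ValueError:
        return True
```

Design note: a man-in-the-middle who can substitute the public key the server trusts is still not stopped by this exchange, so the server must obtain the client's public key out of band, which is the same trust question the thread raises about the metaserver.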