=- James Cameron wrote on Thu 23.Aug'07 at  9:37:44 +1000 -=

> The current RSA based client program verification scheme used by
> Netrek is trivial to defeat. Upon analysis, the reason for this is
> that the attacker (user) is in direct control of the hardware on
> which the program runs, and can simply modify the instructions
> being executed. There is nothing to prevent or detect this. TC and
> TPM would detect this.

Are there many games out there using TCA (TC+TPM) against cheating?

BTW, is netrek's RSA scheme explained somewhere in simple words,
i.e. not the source code?

> Further, such modifications can be automated and distributed
> rapidly over the internet.

Just because you can't avoid misbehaviour altogether you prefer
not to make it harder and therefore rarer at least.
There is never complete safety, you can only make it harder.
Even TCA isn't impossible to break, just _much_ harder.

Sure, things can spread easily on the net.
Once technical possibilities reach limits, social ones have to
apply.

> That we have not seen many only indicates that the market is
> small; there are so few Netrek players.

How was it different when there have been many _many_ more players
in the past?
I wasn't aware of many intentional cheaters.

> If growth occurs, the problem will be enlarged. Social controls
> fail when social structure is changed.

So it has to be changed then, _too_.
Just because the old one fails it doesn't mean another one can't do
better.

> Continuum is complying with that definition. The server supports,
> and may require, RSA validation. The word "may" in this context
> can mean either "has permission to" or "might".

Understood... but you consider it useless, so you could save the
observer from the possibility of being misled that it actually is
used the way described elsewhere.
Given your concern about not wanting to give wrong feelings of
security this would be consistent.
But I forgot... that isn't _really_ your concern.

-- 
© Rado S. -- You must provide YOUR effort for your goal!
EVERY effort counts: at least to show your attitude.
You're responsible for ALL you do: you get what you give.