Author Topic: Global Login System (Implementation Discussion) (Read 83964 times)

jitspoe · « **Reply #140 on:** September 07, 2006, 01:01:13 AM »

php5 doesn't have mysql enabled by default or something (don't know why they would do that), but I'm running 4.3. I think I have everything straightened out now. I ran up2date on php-mysql (after opening a support ticket to get them to fix up2date) and restarted apache. up2date tried to reinstall mysql 3.x, but failed, so it's still using 5.0.

Smokey · « **Reply #141 on:** September 07, 2006, 04:36:51 AM »

are you going to use my sweet ajax system?

jitspoe · « **Reply #142 on:** September 07, 2006, 01:07:08 PM »

Maybe, but it will require some tweaking. I'll worry about making it look pretty later. I just want to make it functional for now.

Smokey · « **Reply #143 on:** September 07, 2006, 01:49:23 PM »

that is functional!
I mean, think about it

Anyways SWEET.

jitspoe · « **Reply #144 on:** September 11, 2006, 08:37:33 PM »

Anybody know anything about configuring mail servers? I'm trying to get activation numbers to send, but they're getting filtered. I think it's because @dplogin.com email addresses don't exist, but I'm not sure how to create them.

Edit: Nevermind. I think I've figured it out. It was configured to use mail.dplogin.com instead of just dplogin.com. I think it's set up right now. Email sent to no-reply@dplogin.com should get sent straight to /dev/null.

Smokey · « **Reply #145 on:** September 12, 2006, 12:56:12 PM »

with php iv never had problems with mail, even if the account wasent setup.

jitspoe · « **Reply #146 on:** September 12, 2006, 12:58:07 PM »

Seems even after I've configured it to just "dplogin.com", emails to no-reply@dplogin.com still get bounced, but no-reply@mail.dplogin.com still work. Does it take more than a day to propigate?

Sprinkle · « **Reply #147 on:** September 12, 2006, 01:49:10 PM »

It normally takes a few hours.. after a day it should definately work.

jitspoe · « **Reply #148 on:** September 12, 2006, 03:11:26 PM »

Well, I just don't know what I'm doing then.

jitspoe · « **Reply #149 on:** September 12, 2006, 11:09:56 PM »

Got it fixed! It was at the domain level. MX records weren't set up.

Sprinkle · « **Reply #150 on:** September 13, 2006, 12:53:52 AM »

Haha, good job. I always forget about MX levels myself.

jitspoe · « **Reply #151 on:** September 14, 2006, 01:39:17 AM »

Well, I started tinkering around with RSA again and got it working. The PHP end of things is really slow, though. Granted, it might just be the PlanetQuake server I was testing it on, but when it takes like 4 seconds to load the page... that concerns me. I don't want it bogging down the game servers.

Smokey · « **Reply #152 on:** September 14, 2006, 12:56:03 PM »

Quote from: jitspoe on September 14, 2006, 01:39:17 AM

Well, I started tinkering around with RSA again and got it working. The PHP end of things is really slow, though. Granted, it might just be the PlanetQuake server I was testing it on, but when it takes like 4 seconds to load the page... that concerns me. I don't want it bogging down the game servers.

hosting IS cheap. if you need some better hosting for testing just ask.

jitspoe · « **Reply #153 on:** September 14, 2006, 02:26:04 PM »

Well, this is strange. I added some timers, and it doesn't seem like it's actually taking that long. It must have to do with using long strings with GET:

http://digitalpaint.planetquake.gamespy.com/test/rsatestvar.php?n=00DC9F56E791A01F34BDBDB990346B64E735A1E086665F5B32589CA7A4BF0F690172E7724B26BC670BB9CDAD892946E4CAD4CF835F34B62898766FD56B21DBA225C422C565D42C1B5E507FE1CC2DF3B438E4975B99489161680AC5D579E110DB10E2DDFCD45029C4602B1FCD4088556B1D1CA6D89B5B0099D6572C05E2D03DF895&e=29&d=023DFA1E736E600E95B35BE6EDCD0F13000653F90A67FE533E4C84D35D84D6EBB8D7AF78704379C33DB9C3D849C90BB0E3FBDD6EC1938AD1ADF39BAA31C66507A644BF45C2CE902048056965BE703D06725D0A7320FC6FA30BC8DCD40EC6A9B73E9A1BAF6E1F33CF0F37332FE78043F2D2FFF2A65412A05EBAD830967481AB59&p=00ECBEAD5F462BEAB4BA50C619C97F32343B5D6443EBB2891DC0A834D55C2BEA4FA30EE7EF4BC1B6F34802F16C33D61D0C5D0777C75D2BA325997A85C2494415C1&q=00EE90F9361367310DE74DCBC9FE1D0D23E710597B1570BC04F5B58BEED6EEE7EB962C70A9E39CF03CA37EC89DBF31FCBAD8714F4BAD12857A85CB9FE558559FD5&u=7DBD4EC2621894C937336255F4E8C710A199B453A010BAE672F4C60F6B93C560403D036831CE3773836A696AFE45C44A6F6339A8C5E1D5DBC018CB41326309B4&encdata=00B9750B65BF77BC1B196A43CC324C1028CE8163B54969B0D7E3FF8537361127A736E8234B37DC168D98A1D18984218A35B920E91BE0EEF7D81AE10882DDCF815EC1C665FABC8505D84951C40A8E04E8AC74FE402DFB3492F4F7CC1336166F15421D24D9E9189CA96EA33957A3D90B5CDB8AD536B9AF1DE6EDA12C880A8DCA7554&bits=1024

It looks like it only takes like 0.5 seconds to actually generate the content, but it's several seconds before the page actually loads. Maybe if I use POST it would be faster.

I think what I can do, though, instead of having a large key on the server, is generate a small one (128 or even 64 bit should be sufficient) on the client at each login, then send the public portion to the login server, have the login server generate a random temporary password, send that back to the client using the previously generated RSA key, then use AES to encrypt the actual login information using the temporary password.

128bit encryption actually loads pretty quick.

http://digitalpaint.planetquake.gamespy.com/test/rsatestvar.php?n=00C2554CF7D5B499BE9405B61C992CF461&e=2B&d=00A8B930F6ED23BF072CD52527F43503&p=00DDB62FDD28CFABC1&q=00E0632B73B4CDF0A1&u=78CF4DF324513956&encdata=59D2C6DC898EF0FD17B27038B874562E&bits=128

jitspoe · « **Reply #154 on:** September 14, 2006, 05:42:55 PM »

Ok, I think I have it all figured out now. Here's a simple diagram to explain it:

Client RSAkey[secret,public] = random()
Client RSAkey[public] -> LoginServer
LoginServer AESKey = random()
Client <- encrypt(RSAKey[public], AESKey) LoginServer
Client encrypt(AESKey, login/password) -> LoginServer
Client <- validate(login,password) LoginServer
Client login -> GameServer login -> LoginServer
GameServer <- RSAkey[public] LoginServer
GameServer TestString = random()
Client <- EncTestString <- encrypt(RSAkey[public], TestString) GameServer
Client decrypt(RSAkey[secret], EncTestString) -> DecTestString -> GameServer
Client <- validate(DecTestString == TestString) or kick GameServer

Sad|Wk · « **Reply #155 on:** September 15, 2006, 04:02:31 AM »

Quote from: jitspoe on September 14, 2006, 05:42:55 PM

Ok, I think I have it all figured out now. Here's a simple diagram to explain it:

Client RSAkey[secret,public] = random()
Client RSAkey[public] -> LoginServer
LoginServer AESKey = random()
Client <- encrypt(RSAKey[public], AESKey) LoginServer
Client encrypt(AESKey, login/password) -> LoginServer
Client <- validate(login,password) LoginServer
Client login -> GameServer login -> LoginServer
GameServer <- RSAkey[public] LoginServer
GameServer TestString = random()
Client <- EncTestString <- encrypt(RSAkey[public], TestString) GameServer
Client decrypt(RSAkey[secret], EncTestString) -> DecTestString -> GameServer
Client <- validate(DecTestString == TestString) or kick GameServer

hmm, why not just use a keyring and drop some of this to;

Client encrypt(RSAkey[LoginServer:public], login/password) -> GameServer
GameServer encrypt(RSAkey[LoginServer:public2], Client encrypt(RSAkey[LoginServer:public], login/password) )-> LoginServer
GameServer <- validated(login,password) LoginServer
Client <- validatedGameServer or kick GameServer

Then you could throw in a challenge & response for good measure.

$.02

jitspoe · « **Reply #156 on:** September 15, 2006, 12:42:26 PM »

A login server public key would have to be large enough to not get cracked, but having large keys on the server takes too long to decrypt (see above).

Sad|Wk · « **Reply #157 on:** September 16, 2006, 03:43:34 PM »

Well, I'll have to do some testing on; pgp, gpg, openssl versions of RSA & AES
( I think they are all not at the same verison or upstream code base )
on which is faster; 1024 || 2048 decrypts or 128 keygens.

If my memory serves me right from several years ago of being more into crypto, the "real" kick in performance is memory, so a 256M or a 1G system will give different results.
( the en/de-crypts will gain more in larger memory system then the keygen ( which is really "collecting" data (ie. random noise)))

More later....................................

jitspoe · « **Reply #158 on:** September 17, 2006, 03:21:55 AM »

You also have to keep in mind that the crypto library for PHP does not support RSA, so it has to be scripted in the PHP language itself. It's not exactly designed for heavy duty math like that.

KnacK · « **Reply #159 on:** September 17, 2006, 10:32:42 AM »

For all those interested in Cryptography, ( almost relevent in this thread as we discuss RSA and keys ans stuffage) might want to visit this web site:

http://www.cryptodox.com/

Lot's of good reading for the n00bs, me included.