Author Topic: Global Login System (Implementation Discussion) (Read 83960 times)

twistdid · « **Reply #20 on:** March 12, 2006, 06:07:45 PM »

all this stuff sounds pretty cool i just hope it comes out like it sounds and wouldnt this make it so much easier to ban hackers all you would have to do is disable their accounts but they could register all over again n im sure u could make a way so they cant register. and hackers wont be able to change their name and use a hack then change it back because they would have to wait two weeks.

Pimp · « **Reply #21 on:** March 21, 2006, 12:05:11 PM »

I'm really glad that you 'roll up your sleeves and get to work'. I'm impressed how you go on this thing. It's something great and I think it will really do a great advance.

When the time has come and you finnished this login system, then my dream, and I think the dream of a lot people, comes true.

That was what I liked to say. Thanks for your work Jit!

GreenAffairz · « **Reply #22 on:** April 02, 2006, 04:48:16 PM »

hah your correct Pimp. i am one of those people who will have their dreams fulfilled.

jitspoe · « **Reply #23 on:** April 12, 2006, 05:24:30 PM »

Well, it looks like the "lock on a box" method is fundamentally flawed, so I won't be using that. I think public/private keys are the way to go, but I'm having a hard time finding a good implementation that isn't completely overkill. I don't want to add a bunch of bloat just for a login system.

GreenAffairz · « **Reply #24 on:** April 16, 2006, 08:38:50 PM »

Just make it good, and lotsa stats, yes lots of stats..

Derrek · « **Reply #25 on:** April 17, 2006, 09:23:04 AM »

Take a look at how SSH works. pub/priv keys. And as for bloat? Its not like you are encrypting the data stream of the game play. I dont think many people would notice any bloat on a login system.
You might think about looking at the mod KOTS. Last time I played that (a year or two ago) they had a login system that worked well....you register, then set the password in your config (or in PB case, in the 'login' screen) and you are set...never have to touch the password again. They even had a 'stats' page that was fairly deacent. The one thing that kept people honest with that mod was you had to build up your characters stats (D&D type mod) in order to have a stronger character. If you didn't care about your characters stats then you could hack and re-register any time you wanted.

I dont think md5sums is a good method for this. md5sums is more for checking file consistency. The returned string is too sort for authentication.

Definitly include some sort of IP checking. The only problem is that DSL and dialup IPs change frequently. In that case, you can use the CIDR block from whois and at least verify the ISP.

I like the naming scheme...keeping the name consistent. Add in a 'clan tag' selection and allow it to be added before or after the perm name. Dont allow short names like 'I' or 'The' They should be atleast 5 chars and the clan tag a max of 4 (plus brackets/braces = 6).

Just some thoughts,

-Derrek

Pimp · « **Reply #26 on:** April 17, 2006, 11:22:06 AM »

rofl some thing is important, a name has to be at least 4 characters, not 5 long. my name.... has 4 letters...

jitspoe · « **Reply #27 on:** April 17, 2006, 01:44:37 PM »

Well, the way I see it, there are two ways to do this: The easy way, and the right way. My guess is that KOTS does it "the easy way." I think it's just a q2 mod, so that would actually be the only way, really. The same way we do admin logins, which should really be more secure, but they were implemented back in the Q2 mod days, and there was really no other way to do it.

I could, of course, do it the easy way, but that would mean your passwords would be floating around in plaintext, available to anybody using a sniffer. Lots of people use the same password for multiple things, so I don't like that idea at all. Using public/private key encryption, it's possible to securely log in without ever sending your password (like with SSH). Unfortunately, I can't find a simple implementation of it. I tried using OpenSSL, but that library ends up adding 500K. Paintball2.exe is like 360K. That more than doubles it, just to add logins. If that's not bloat, I don't know what is. I'm going to see if it's possible use just the necessary portions of the OpenSSL library, but knowing the way most GNU code is, there's probably a nightmare of dependencies in there and it would be easier to write my own RSA implementation.

Smokey · « **Reply #28 on:** April 17, 2006, 11:47:54 PM »

Quote from: Derrek on April 17, 2006, 09:23:04 AM

I dont think md5sums is a good method for this. md5sums is more for checking file consistency. The returned string is too sort for authentication.

have you ever seen a md5sum?? there like 20 charecters

a example i found

5263374160726782c1a8a066d8978e84

Derrek · « **Reply #29 on:** April 18, 2006, 01:22:41 AM »

Smokey...I know what an md5sum looks like...and I know what ssh pub and priv keys look like....I use this stuff at work every day.

Maybe I was not clear in my statement, and assumed that people know how secure authentication works. md5sum is merely a checksum. Its not a challenge/response implementation. md5sum is nearly the same as plain text passwords, in my opinion, unless you combine it with some sort of key pair that can allow the server side to control a piece of the key. If the server does not keep part of the authentication key secret, then you might as well use a plain password...even if it is md5sum'd first.

My statement 'md5sum return strings are too short' was based on the thought that if you are going to bother to encrypt data, use a long enough key so that it will not be compromised. Short keys are hackable, and should never be trusted. 'why would someone bother to try to hack the encryption for such a small lousy game??'....because it is there. Just like people trying to prove the anti-cheat system is flawed. If you are going to do it...do it right so you don't regret it later. But...maybe I’m taking the corporate view where data protection is extremely critical.

As far as bloat. The paintball executable can stay the same size...just have it call another executable to handle the authentication part, or a shared lib like the opengl lib. It does not have to be done by the same binary that runs the game. Maybe I’m missing something here?

Another thought I just had is that certain encryption algorithms may not be exportable outside of the USA. Jitspoe...check the laws before you implement anything. It has been quite a while since I last worked with international exportation. It may only apply to the key size (64bit limit)...but I thought it was the algorithms themselves..

-Derrek

IronFist · « **Reply #30 on:** April 18, 2006, 07:21:17 AM »

Post removed

jitspoe · « **Reply #31 on:** April 18, 2006, 10:37:10 AM »

I'm really just looking to use the encryption for the login stage, so using a secondary algorithm wouldn't be necessary, though the second key was an idea I had for logging into the servers: you connect to the master server using your key, then it sends you and the game server a random, temporary key, which can be used to log onto the server, and even if a "corrupt server admin" manages to steal your key, it won't do him any good because it expires as soon as you quit playing. The downside to doing this is that it would tax the login server a lot, having to generate random keys all the time, and having to be used for every player that connects. With public/private keys, it would be possible for the game server to cache keys and not have to use the login server at all for frequently returning players.

Derrek: Interesting point about legality. I don't really care to research it, but if somebody wants to look it up, it would be nice to know. I think it's more the responsibility of the person downloading the software to be aware of their country's laws. Making a separate executable would at least solve the issue of the main executable being bloated, but it still adds to the overall project and would probably make things more complicated, especially dealing with different OS's. I'll keep it in mind, though.

Blitz · « **Reply #32 on:** April 18, 2006, 12:36:35 PM »

Quote from: Smokey69 on April 17, 2006, 11:47:54 PM

have you ever seen a md5sum?? there like 20 charecters

They're 32-bit.

jitspoe · « **Reply #33 on:** April 18, 2006, 02:46:52 PM »

128bit, actually. 32bit is only 8 hex characters.

TinMan · « **Reply #34 on:** April 18, 2006, 03:20:31 PM »

RAINBOW TABLES!!! w00t!
...I'm sorry, have you seen my pills?

Smokey · « **Reply #35 on:** April 19, 2006, 02:02:22 AM »

lmao.

b00nlander · « **Reply #36 on:** April 20, 2006, 12:19:15 PM »

if there is something like a space reserved for clantags, I believe those are even more valuable to protect. As we have recently seen, ppl tend to fake clantags more and more, just to gain attention.

I think the idea that mentioned like 6-8 spaces in a seperate field for the name is good, and I believe that there should be some kind of "join protection" for those clantags, just like we have in pbcup and in all kinds of other games.

jitspoe · « **Reply #37 on:** April 24, 2006, 01:11:01 PM »

Well, it looks like OpenSSL isn't GPL-compatible. Back to square one, I guess.

jitspoe · « **Reply #38 on:** May 04, 2006, 03:42:07 PM »

I think I'm getting somewhere with libgcrypt. There are some more things I need to address, though, once I get past the basic public/private key verification.

- The private key needs to be encrypted somehow so somebody can't just copy it. What algorithm should I use for this?
- While the key should be encrypted, there should also be a way to optionally remember the password, so the user doesn't have to type it in every time he plays. How would I store that safely? I was thinking of encrypting the saved password with a randomly generated key in the registry or something like that -- something that wouldn't be accidently copied over if you were, say, giving the game to a friend at a lan party. I'm not sure what you'd do for Linux, though.
- If the user reinstalls the game, he will need to be able to re-obtain his private key. I'm thinking uploading an encrypted copy to the login server would be the best bet.
- There would be other benefits to logging into the master server, such as clan and account management, so the web login password and private key password could be set to the same thing, for the sake of simplicity for the user.
- What happens if the user completely forgets his password?
- What should I do about two people who use the same computer (ie: brothers who both play the game but would need different logins)?

jitspoe · « **Reply #39 on:** May 11, 2006, 06:44:26 PM »

Ok, I think I have almost everything figured out now. Let's see if I can explain it.

The client will create a new profile. During this creation process, an RSA public/private key pair will be generated. The public key will be uploaded to the master server. The private key will be encrypted with the user's password and uploaded to the master server as well as saved locally to the users hard drive. A hashed copy of the user's password will also be stored on the master server for web logins to manage clans and other future features.

The user must supply an email address, which will be used to send a random activation number. An account must be activated in order to use it. This is so people don't create lots of bogus accounts and so that there will be an email address to send a reset password to.

There will be an option to remember a password so you don't have to type it in every time you play. This password will be encrypted with unique information about your computer as a key, so if somebody copies your profile file, they won't have easy access to your password. This is only really a concern for something like LAN parties where you might be copying games or something between friends.

When a client connects to a game server, the game server contacts the master server and obtains the client's public key. The game server encrypts a random string using the client's public key, then sends it to the client. The client decrypts the string with its private key, and sends it back to the server. If the strings match, the client is validated and can play using that name. If not, the player is kicked.

In the event that a user forgets his password, a reset password code can be sent to his email address. This code, when used, will allow the user to generate a new public/private key pair and pick a new password.

Clan tags are going to be a bit tricky. I could make them separate, like Battlefield 2 does, but that would mean somebody could incorporate a tag into their name and get away with it. For example, if there was a clan called "[TAG]" and a player called "Name", using "[TAG]" for the tag and "Name" for the name, somebody else could come along and create a name called "[TAG]Name", with no clan tag, and it would appear the same visually. I guess what I'll have to do is keep the clan tag part of the player name, like it is now, and scan the player name for each existing clan tag, then ensure that the player that logged in is legitimately part of that clan.

I think that covers the basics. Let me know if you see any potential problems with this design.