gdalgorithms-list

RE: [Algorithms] Message signature in token ring

[Tom F. <to...@mu...>]

>Does such an encryption algorithm ("encrypt with private key, decrypt with
public key") exist?

Certainly - PGP for example. But they're very slow.

Best way to do this is to securely (e.g. with public/private key stuff) send
a client ID to each client at start of day - just a fairly big random
number. Then for each message, the client takes the message, appends their
key, throws the thing through a good hash algo (not sure CRC is good enough,
there's plenty more secure ones), and sends the message in clear, and
appends the hash.

The server recieves the message, appends the client's key, hashes it, and
checks the hashes agree.

Another user can't spoof because they don't know the key, and so can't
generate a valid hash.

Make sure there's some sort of sequence number in there as well, or it will
be vulnerable to replay attacks.

But really, you need a proper crypto book - this has all been solved before,
with a lot more rigour.


Tom Forsyth - Muckyfoot bloke and Microsoft MVP.

This email is the product of your deranged imagination,
and does not in any way imply existence of the author. 

-----Original Message-----
From: Space Needle Exchange Program [mailto:SPA...@ho...]
Sent: 15 April 2003 16:55
To: gda...@li...
Subject: Re: [Algorithms] Message signature in token ring


Well, all the peers on the ring are running the same code. So if I only used
CRC or MD5 of the message, anyone could also easily generate that same hash
for a message they spoof or alter.

It seems like I need some kind of algorithm like the following:

Each peer has a private key that it encodes its message with. The message is
sent with a public key attached to it. Any peer can use that public key to
decode the message upon receipt. 

But even this won't work, because, again, anyone can encode any message and
send the proper public key (their public key) with it. Something has to go
into the message that uniquely identifies it as coming from a particular
peer. 

Hmm. I think I have an idea, assuming that a "encrypt with private key,
decrypt with public key" algorithm exists:

Each peer at initialization generates a private key and a public key. The
peer then generates an MD5 hash of the public key and sets its GUID as that
hash. Now, any message sent by the peer looks like:

[GUID][Public key][encrypted message]

Upon receipt, the peer verifies that the GUID is a proper MD5 hash of the
public key, and then decrypts the message using the public key. This
guarantees that whatever contents lay in the message are only applied to the
peer corresponding to that GUID, which makes spoofing a message on behalf of
another player or tampering with a message impossible. (Again, other than
outright destruction. The encrypted message should also contain a CRC or MD5
checksum to ensure that no one randomly fiddled with the bits in the
encrypted message, hoping to "get lucky" and make something happen.)

How does this sound? (Other than severe packet bloat.) Does such an
encryption algorithm ("encrypt with private key, decrypt with public key")
exist?

snx
----- Original Message ----- 
From: Justin Heyes-Jones 
To: gda...@li... 
Sent: Tuesday, April 15, 2003 1:59 AM
Subject: Re: [Algorithms] Message signature in token ring


You could generate a CRC for the message and tag it to the end. Grab some
CRC generating code from the web to do that. Then if a user wants to tamper
with the message he needs to use the same CRC generation to get a legal
message. To make it a little harder you could also XOR the CRC with a
constant, then XOR it with the same constant on the receiving end.

Justin, Genepool-UK
----- Original Message ----- 
From: Space Needle Exchange Program 
To: gda...@li... 
Sent: Tuesday, April 15, 2003 3:00 AM
Subject: [Algorithms] Message signature in token ring


I have a token ring-like networked communication structure where in order to
send a message to another peer on the ring, I pass the message to my
neighbor, and he sends it on, until it reaches its destination.

My question is: how can this message be "signed" so that no one on the ring
can spoof messages on my behalf, or more easily, modify the contents of
messages that are supposed to be merely forwarded along?

I don't need to keep the peers on the ring from reading the message as they
forward it along (nothing sensitive will be sent this way), I just want to
prevent spoofing/tampering. I don't need to worry about peers that outright
choose not to send along messages right now.

If it involves sending some kind of key/signature in every message, it would
be nice to keep that <= 128 bits. The protection doesn't have to be super
strong, since there is no incentive to crack, other than creating mischief.

I don't know much about cryptography, what are the right tools to use here?
Is what I'm talking about even possible?

snx

RE: [Algorithms] Message signature in token ring

[Shawn H. <sha...@cl...>]

> Negotiate a 56-bit DES key, and either encrypt your payload (0 space
> overhead, higher CPU overhead), or encrypt a hash at the end (small
> space overhead, small CPU overhead).

Even a slow CPU is so many orders of magnitude faster than network
bandwidth, encrypting all packet contents is an insignificant cost.
I really wouldn't worry about that.


-- 
Shawn Hargreaves
Climax Brighton


DISCLAIMER: Unless otherwise expressly stated, this message does not create
or vary any contractual relationship between you and Climax Studios Ltd.
The contents of this e-mail may be confidential and if you have received it
in error, please delete it from your system, destroy any hard copies and
contact the originator of the email. In accordance with the
Telecommunications (Lawful Business Regulations) (Interception of
Communications) Regulations 2000 the Company reserves the right and, may at
any time, monitor and intercept (but not record) e-mails to establish if
they are relevant to its business.

RE: [Algorithms] Message signature in token ring

[Chris B. \(BUNGIE\) <cbu...@mi...>]

> -----Original Message-----
> From: gda...@li...
[mailto:gdalgorithms-
> lis...@li...] On Behalf Of Shawn Hargreaves
> Sent: Tuesday, April 15, 2003 10:21 AM
> To: 'gda...@li...'
> Subject: RE: [Algorithms] Message signature in token ring
>=20
> > Negotiate a 56-bit DES key, and either encrypt your payload (0 space
> > overhead, higher CPU overhead), or encrypt a hash at the end (small
> > space overhead, small CPU overhead).
>=20
> Even a slow CPU is so many orders of magnitude faster than network
> bandwidth, encrypting all packet contents is an insignificant cost.
> I really wouldn't worry about that.
>=20
  I vehemently disagree. I would say that it is a concern for client /
server games where players are running servers on their own (possibly
slow) machines, anything where you have a large number of users on a
server in a datacenter, PS2 games, or anything where you're worried
about DoS.

--
Chris Butcher
Rendering & Simulation Lead
Halo 2 | Bungie Studios
bu...@bu...

RE: [Algorithms] Message signature in token ring

[Tony C. <to...@mi...>]

>How do people generate these really prime large numbers and relative
primes, anyway? Simple brute=20
>force? Does the choice of prime numbers affect the security of the
algorithm? (Does their magnitude >affect the security?)

Actually, they don't. Confirming for certain that you have a prime
number is a very hard problem. However, you can determine that the
probability of your number being composite is below any given threshold
you like (there are well-known algorithms for this), the longer you run
for, the more sure you can be. Once your probability of having a
composite falls below one in
age-of-universe/protons-in-galaxy/days-until-Duke-Nukem-Forever-ships/yo
ur-big-number-of-choice, you're happy with it.

If you're interested, some quick Googling should reveal some
implementations of RSA, including key generation, which will give you
the idea (but please don't trust random code you trawled from the net,
even if not malicious, it may be buggy in subtle ways not immediately
obvious).

The magnitude of one of the primes in RSA is a factor in the security of
the system (because that's effectly what dictates the size of the number
an attacker would have to factor to break the system).

However, I would like to very strongly restate my observation that you
really really really shouldn't be doing this yourself. It's easy to get
wrong even for an expert in crypto algorithms (and, no offense, but it
doesn't sound like you are an expert). Any decent OS will provide
perfectly good implementations of these core algorithms (for example,
the Crypto API in Windows), I highly recommend you use them.

Tony Cox - Development Lead, Hockey
Microsoft Games Studios - Sports

RE: [Algorithms] Message signature in token ring

[Casey M. <gd...@fu...>]

> However, I would like to very strongly restate my observation that you
> really really really shouldn't be doing this yourself. It's easy to get
> wrong even for an expert in crypto algorithms (and, no offense, but it
> doesn't sound like you are an expert). Any decent OS will provide
> perfectly good implementations of these core algorithms (for example,
> the Crypto API in Windows), I highly recommend you use them.

It doesn't seem to make much sense to use built-in OS encryption rather
than a freely available or commercial 3rd party one with source, because

1) You can't proof or verify code you have only in binary form,

2) You can't port or ensure interoperability between platforms if you have
to rely on the encryption native to each platform,

3) Um, how many times a year do they find gaping security holes in
Windows?  Why would we assume that an OS cryptography layer is magically
all that great?

- Casey

RE: [Algorithms] Message signature in token ring

[Jamie F. <ja...@qu...>]

A deterministic algorithm for testing primality has been recently
discovered, so there's no need to be probabilistic about it these days :)

http://www.cse.iitk.ac.in/news/primality.html

Jamie


-----Original Message-----
From: gda...@li...
[mailto:gda...@li...]On Behalf Of Tony
Cox
Sent: 15 April 2003 22:05
To: gda...@li...
Subject: RE: [Algorithms] Message signature in token ring


>How do people generate these really prime large numbers and relative
primes, anyway? Simple brute
>force? Does the choice of prime numbers affect the security of the
algorithm? (Does their magnitude >affect the security?)

Actually, they don't. Confirming for certain that you have a prime
number is a very hard problem. However, you can determine that the
probability of your number being composite is below any given threshold
you like (there are well-known algorithms for this), the longer you run
for, the more sure you can be. Once your probability of having a
composite falls below one in
age-of-universe/protons-in-galaxy/days-until-Duke-Nukem-Forever-ships/yo
ur-big-number-of-choice, you're happy with it.

If you're interested, some quick Googling should reveal some
implementations of RSA, including key generation, which will give you
the idea (but please don't trust random code you trawled from the net,
even if not malicious, it may be buggy in subtle ways not immediately
obvious).

The magnitude of one of the primes in RSA is a factor in the security of
the system (because that's effectly what dictates the size of the number
an attacker would have to factor to break the system).

However, I would like to very strongly restate my observation that you
really really really shouldn't be doing this yourself. It's easy to get
wrong even for an expert in crypto algorithms (and, no offense, but it
doesn't sound like you are an expert). Any decent OS will provide
perfectly good implementations of these core algorithms (for example,
the Crypto API in Windows), I highly recommend you use them.

Tony Cox - Development Lead, Hockey
Microsoft Games Studios - Sports


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
GDAlgorithms-list mailing list
GDA...@li...
https://lists.sourceforge.net/lists/listinfo/gdalgorithms-list
Archives:
http://sourceforge.net/mailarchive/forum.php?forum_ida88

RE: [Algorithms] Message signature in token ring

[Charles B. <cb...@cb...>]

Yeah, but the OS layer is getting banged-on heavily, so those holes
are found, and then they have the whole patching system hooked up,
so they're getting constantly fixed.  Sounds way more secure than any
custom lib.  Of course if you want to be multi-platform, it doesn't
make sense...

At 11:54 PM 4/15/2003 -0700, Casey Muratori wrote:
>It doesn't seem to make much sense to use built-in OS encryption rather
>than a freely available or commercial 3rd party one with source, because
>
>1) You can't proof or verify code you have only in binary form,
>
>2) You can't port or ensure interoperability between platforms if you have
>to rely on the encryption native to each platform,
>
>3) Um, how many times a year do they find gaping security holes in
>Windows?  Why would we assume that an OS cryptography layer is magically
>all that great?
>
>- Casey
>
-------------------------------------------------------
Charles Bloom    cb...@cb...    http://www.cbloom.com

[Algorithms] update game with constant interval

[jason z. <ja...@vi...>]

SGVsbG8gZm9sa3MsDQogICAgICBJJ2QgbGlrZSB0byB1cGRhdGUgbXkgZ2FtZSBsb2dpYyB3aXRo
IGZpeGVkIGRlbHRhIHRpbWUgYmVjYXVzZSBwaHlzaWNzIGFuZCBsb2dpYyBhcmUgZWFzeSB0bw0K
YmUgdW5zdGFibGUgd2l0aCB2YXJpYW50IGRlbHRhIHRpbWUuICBBbmQgcmVuZGVyaW5nIHdpbGwg
YmUgZG9uZSBieSBpbnRlcnBvbGF0aW5nIGJldHdlZW4gdHdvIA0KdXBkYXRlIGZyYW1lcy4gDQog
ICAgIEkgY2Fubm90IGZpbmQgdGhlIGRpc2N1c3Npb24oSSByZW1lbWJlciB0aGVyZSB3ZXJlIG11
Y2gpIG9uIHRoaXMgaW4gdGhlIG1haWwgYXJjaGl2ZSBhbmQgb24gZ29vZ2xlLiANCk1heWJlIG15
IHNlYXJjaCBza2lsbHMgYXJlIHNvIHBvb3IuICBDb3VsZCBzb21lb25lIGdpdmUgbWUgc29tZSBo
aW50cyBvciBsaW5rcywgcGxlYXNlPyBBbmQgdGhhbmtzLg0KDQoNCg==

Re: [Algorithms] update game with constant interval

[Julien K. <ma...@ju...>]

You could take a look at this featured Article on gamstutra.com
http://www.gamasutra.com/features/20010713/dickinson_01.htm

cheers
Julien Koenen
----- Original Message -----
From: "jason zhang" <ja...@vi...>
To: <gda...@li...>
Sent: Thursday, April 17, 2003 4:54 AM
Subject: [Algorithms] update game with constant interval


> Hello folks,
>       I'd like to update my game logic with fixed delta time because
physics and logic are easy to
> be unstable with variant delta time.  And rendering will be done by
interpolating between two
> update frames.
>      I cannot find the discussion(I remember there were much) on this i=
n
the mail archive and on google.
> Maybe my search skills are so poor.  Could someone give me some hints o=
r
links, please? And thanks.
>
>
> N=B1=B5S=B2=B2u?=19Y=A2=A2'=BD=B6=FEzz>=18,=B6-TSS
=A2?SS=B2q=AEz=B6=FE=B6=BA~z=FE=B6S=9D=81,=B6-=02S?=DBi=FF=FB(=BA=B7=1E~S=
=E0zw=AD=FEf=A2.=AA=DC?+=DE=FD=FA+=BAja=A5=FA+=BAh=9D=03=AD|

RE: [Algorithms] update game with constant interval

[Marc F. <ma...@ma...>]

There is an interesting article that covers the topic of scheduling game
events in Game Programming Gems 3, by Michael Harvey and Carl S. Marshall
from Intel Labs.

I currently use a slightly modified version of their implementation and it
works very well for me.

Their piece of code allows to maintain a virtual time clock based on the
real time clock and schedule tasks in sync with either to the virtual time
or frames update time.

I can email you my implementation privately if you are interested (I suppose
there would be legal issues if I post it here, since it's heavily based on
the work published in the book)

-Marc

-----Message d'origine-----
De : gda...@li...
[mailto:gda...@li...]De la part de
jason zhang
Envoyé : jeudi 17 avril 2003 04:55
À : gda...@li...
Objet : [Algorithms] update game with constant interval


Hello folks,
      I'd like to update my game logic with fixed delta time because physics
and logic are easy to
be unstable with variant delta time.  And rendering will be done by
interpolating between two
update frames.
     I cannot find the discussion(I remember there were much) on this in the
mail archive and on google.
Maybe my search skills are so poor.  Could someone give me some hints or
links, please? And thanks.


N±µŠ²²u†Y¢¢’
½¶þžz›‚¶–™ŠŠ¢†ŠŠ²q®z¶þ¶º~zþ¶Š‚¶–Š†Ûiÿû(º·~Šàzw­þf¢•ªÜ†+Þýú+ºja¥ú+ºh­
|

RE: [Algorithms] Message signature in token ring

[Toby J. <tj...@Hu...>]

> 3) Um, how many times a year do they find gaping security holes in
> Windows?  Why would we assume that an OS cryptography layer is magically
> all that great?

Because they probably test it more than you would. (And they test more than
most vendors of security products do for that matter).

Toby Jones
Programmer
Human Head Studios, Inc.
http://www.humanhead.com
 

-----Original Message-----
From: Casey Muratori [mailto:gd...@fu...] 
Sent: Wednesday, April 16, 2003 1:55 AM
To: gda...@li...
Subject: RE: [Algorithms] Message signature in token ring

> However, I would like to very strongly restate my observation that you
> really really really shouldn't be doing this yourself. It's easy to get
> wrong even for an expert in crypto algorithms (and, no offense, but it
> doesn't sound like you are an expert). Any decent OS will provide
> perfectly good implementations of these core algorithms (for example,
> the Crypto API in Windows), I highly recommend you use them.

It doesn't seem to make much sense to use built-in OS encryption rather
than a freely available or commercial 3rd party one with source, because

1) You can't proof or verify code you have only in binary form,

2) You can't port or ensure interoperability between platforms if you have
to rely on the encryption native to each platform,

3) Um, how many times a year do they find gaping security holes in
Windows?  Why would we assume that an OS cryptography layer is magically
all that great?

- Casey



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
GDAlgorithms-list mailing list
GDA...@li...
https://lists.sourceforge.net/lists/listinfo/gdalgorithms-list
Archives:
http://sourceforge.net/mailarchive/forum.php?forum_id=6188

RE: [Algorithms] Message signature in token ring

[Tony C. <to...@mi...>]

>It doesn't seem to make much sense to use built-in OS encryption rather
>than a freely available or commercial 3rd party one with source, =
because
>
>1) You can't proof or verify code you have only in binary form,


No offense, but given that you are not a security expert, you probably =
couldn't prove/verify code you saw in source form. Neither could I. I =
mean, you could give it a general skim, but that's not really the same =
thing.

>2) You can't port or ensure interoperability between platforms if you =
have
>to rely on the encryption native to each platform,
=20
There are implementations of standard algorithms, they should be =
compatible.

>3) Um, how many times a year do they find gaping security holes in
>Windows?  Why would we assume that an OS cryptography layer is =
magically
>all that great?
=20
They find security holes in all OSes. I will note that none of them, to =
my knowledge, have involved the Crypto API, probably because it's one of =
the most carefully reviewed pieces of code in the system.
=20
Your comments about Windows in general also miss an important point - =
Windows has millions of lines of code, and is used by millions of people =
every day, including a very large number of malicious attackers. Games =
have considerably less code, a much smaller user base, and a smaller =
absolute number of malicious attackers. Yet games frequently have bugs. =
It's quite likely that the bug rate in games per line-of-code or =
per-user is higher than in Windows. And yet you're talking about writing =
brand new code in a notoriously tricky area. If you think it's going to =
be less error prone than the heavily used and reviewed code in the OS, =
then you are dreaming.
=20
In any event, my argument was not particularly about Windows (although =
you seem to want to turn it into one). My point was a caution against =
rolling your own. If it makes you feel warm and fluffy to have the =
source code, then use some thoroughly peer-reviewed open source library. =
What you should not do is learn about this stuff for the first time by =
reading a couple of books, download some student's homework assignment =
implementation from the web, hack it about a bit, ask your buddy in the =
next-door office to take a quick look at it and then sit back and assume =
that your testers will find all the bugs.
=20
In short: DO NOT ROLL YOUR OWN UNLESS YOU HAVE NO OPTION
=20
Tony Cox - Development Lead, Hockey
Microsoft Game Studios - Sports

RE: [Algorithms] Message signature in token ring

[<phi...@pl...>]

> >1) You can't proof or verify code you have only in binary form,

> No offense, but given that you are not a security expert, you probably
couldn't prove/verify code you saw in source form.

You could subcontract someone (or if you're truly paranoid, several
different unconnected people) who was. Cost would probably disappear
relative to the development and running costs of an MMORPG. Especially one
that you're that paranoid about people hacking.

Cheers,
Phil

RE: [Algorithms] Message signature in token ring

[Casey M. <gd...@fu...>]

> >1) You can't proof or verify code you have only in binary form,
>
> No offense, but given that you are not a security expert, you probably
> couldn't prove/verify code you saw in source form. Neither could I. I
> mean, you could give it a general skim, but that's not really the same
> thing.

PROOF... not "prove".  As in, a respectable security algorithm is going to
have been _proven_ by mutliple math professors.  But it is a good idea to
_proof_ the code you are using for security.  If I was going to use
something for security, I would want to be able to inspect the source code
and verify that it implements that algorithm correctly, and that nothing
dangerous is going on.

> >2) You can't port or ensure interoperability between platforms if you have
> >to rely on the encryption native to each platform,
>
> There are implementations of standard algorithms, they should be compatible.

Compatible with what?  If I have a PS2 game that's supposed to talk to a
Windows server, and I use the Windows crypto API, there's no code for the
other end - so there's nothing to be "compatible" with.  Do you see what
I'm getting at here?  You want to have the code, so you can port it to any
machine.  If you have to write a version for the PS2 but not for Windows,
that's no good, because you have to do the work for PS2 anyway, and so you
might as well just have used that on both platforms.

> If it makes you feel warm and fluffy to have the source code, then use
> some thoroughly peer-reviewed open source library.

Sure, that's a fine idea.  Your suggestion was to use the code in the OS,
which I think is a bad idea, for the reasons I mentioned, which as far as
I can see still apply 100%.

- Casey

RE: [Algorithms] Message signature in token ring

[Aaron N. <ani...@mi...>]

All I can say is please reconsider rolling your own security layer.
Regardless of how much you study before you start or how many people you
recruit to test it, you can't hope to approach the security that comes
from a well-established security API, namely:
1) An experienced crew of crypto developers
2) An experienced security test team
3) Years of hack attempts, testing, and fixes to improve the system
4) Extensive review of the architecture and implementation
5) Ongoing support and fixes for problems found after the fact

Without this kind of backing, any security you have is more by
coincidence than by design.  You may be an experienced coder and may
come up with good algorithms, but all it takes is one slip-up (buffer
overrun, unchecked input, weak algorithm, faulty assumption, etc...) to
bring the whole house of cards down.

Writing a security layer is a fun learning task for a hobbyist, but
doing it in a professional project can be suicidal, especially if you
aren't already an expert on the subject.

Aaron Nicholls


-----Original Message-----
From: phi...@pl...
[mailto:phi...@pl...]=20
Sent: Wednesday, April 16, 2003 9:11 AM
To: gda...@li...
Subject: RE: [Algorithms] Message signature in token ring





> >1) You can't proof or verify code you have only in binary form,

> No offense, but given that you are not a security expert, you probably
couldn't prove/verify code you saw in source form.

You could subcontract someone (or if you're truly paranoid, several
different unconnected people) who was. Cost would probably disappear
relative to the development and running costs of an MMORPG. Especially
one
that you're that paranoid about people hacking.

Cheers,
Phil



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
GDAlgorithms-list mailing list
GDA...@li...
https://lists.sourceforge.net/lists/listinfo/gdalgorithms-list
Archives:
http://sourceforge.net/mailarchive/forum.php?forum_id=3D6188

RE: [Algorithms] Message signature in token ring

[Tony C. <to...@mi...>]

>PROOF... not "prove".  As in, a respectable security algorithm is going
to have been=20
>_proven_ by mutliple math professors.  But it is a good idea to _proof_
the code you are=20
>using for security.  If I was going to use something for security, I
would want to be able=20
>to inspect the source code and verify that it implements that algorithm
correctly, and that >nothing dangerous is going on.

You're not qualified to verify, prove, proof, or otherwise validate that
it implements the algorithm correctly and *securely* either.

There are other problems than the core algorithm. Libraries which have
been thoroughly reviewed by many *security experts* get these things
right (mostly). Code that is verified by Random Joe Game Programmer
stands less of a chance of getting it right.

>> There are implementations of standard algorithms, they should be=20
>> compatible.
>
>Compatible with what?  If I have a PS2 game that's supposed to talk to
a Windows server, and >I use the Windows crypto API, there's no code for
the other end - so there's nothing to be >"compatible" with.  Do you see
what I'm getting at here?  You want to have the code, so you >can port
it to any machine.  If you have to write a version for the PS2 but not
for Windows, >that's no good, because you have to do the work for PS2
anyway, and so you might as well=20
>just have used that on both platforms.

It's true that platforms like PS2 present an issue, if Sony did not
think to provide standard libraries.

>Sure, that's a fine idea.  Your suggestion was to use the code in the
OS, which I think is a >bad idea, for the reasons I mentioned, which as
far as I can see still apply 100%.

My major point was not to roll your own unless you absolutely have to.

I also pointed out that for many applications there is perfectly good OS
code available which will do the job. Clearly the PS2 is library
deficient. That doesn't invalidate the sense of using the provided
libraries on Windows if you are not deploying on PS2.

Tony Cox - Development Lead, Hockey
Microsoft Games Studios - Sports

RE: [Algorithms] Message signature in token ring

[Casey M. <gd...@fu...>]

> You're not qualified to verify, prove, proof, or otherwise validate that
> it implements the algorithm correctly and *securely* either.

Don't extrapolate your own lack of ability to everyone who develops games.
It's WELL within the realm of possibility that there are game programmers
who would be able to catch exploits in cryptography code.  Since we
routinely find bugs in everything else, it's only appropriate process for
a game developer concerned about security to go through the code carefully
and test it thoroughly, instead of just grabbing it and saying "yeah, I'm
sure it'll be fine!"

Frankly, this is tiresome.  My suggested cons (a - you can review the
code, b - you can port it, c - it's not part of a package that has been
routinely exploited) were simple and valid.  You don't have to agree with
any of them, but I have no idea why going off on tangents about Sony's
lack of libraries or game programmers being lame has anything to do with
it.  These are pragmatic concerns that the person who asked the question
might want to think about before taking the advice of "use the one in the
OS".

And that's the last you'll hear from me on this topic, because frankly,
there are few things I care less about than cryptography.

- Casey

RE: [Algorithms] Message signature in token ring

[Brian H. <ho...@py...>]

>You're not qualified to verify, prove, proof, or otherwise=
 validate
>that it implements the algorithm correctly and *securely*=
 either.

Which is completely irrelevant.  The point is that SOMEONE is 
qualified, and if that code is not available for review, then NO=
 ONE 
except the people that wrote it in the first place are going to=
 even 
have that option.

With the sheer number of exploits found in Windows on a routine 
basis, I think the leeriness presented here is completely=
 rational.  

>There are other problems than the core algorithm. 

Of course there are.  But not having that or its implementation 
exposed IS a problem.

>It's true that platforms like PS2 present an issue, if Sony did=
 not
>think to provide standard libraries.

Which, of course, still doesn't solve an interoperability=
 problems.  

The best, non-crypto example of this is DirectPlay, which is=
 pretty 
much laughed at by most serious network game programmers I know,=
 is a 
complete nightmare when porting to non-Microsoft platforms, and=
 which 
is generally only defended by the people that worked on it, who=
 do a 
bunch of hand waving and make statements like "A lot of people=
 have 
spent a lot more time looking at this problem than you have, and=
 
there's no way you can do better".

Yet game programmers do.  Go figure.

>My major point was not to roll your own unless you absolutely=
 have
>to.

It's pretty clear you can go both ways on this issue.  I cannot 
recommend hardware mixing in DirectSound to anyone, yet it seems=
 that 
it is often suggested as the right thing to do because, hey,=
 "they" 
are going to get it right more often than the lowly game=
 programmer.

>I also pointed out that for many applications there is=
 perfectly
>good OS code available which will do the job. 

The problem, again, is who says it's "perfect good"?  Shall we do=
 a 
laundry list of Windows APIs that flat out have historically just=
 
sucked?  To be fair, we can also include the CRTL and Unix APIs=
 if 
you'd like, the point being that just because something is=
 "standard" 
or part of the operating system does not automatically make it=
 good 
or better than rolling your own solution.

>library deficient. That doesn't invalidate the sense of using=
 the
>provided libraries on Windows if you are not deploying on PS2.

IF there is a high likelihood that the Windows implementation is=
 
better than your own attempts and IF you don't care about=
 portability 
to other systems (Linux dedicated servers; Sun Ultra clusters;=
 etc.) 
then sure, it might make sense.

But not always.

-Hook

RE: [Algorithms] Message signature in token ring

[Tony C. <to...@mi...>]

>>You're not qualified to verify, prove, proof, or otherwise validate
>>that it implements the algorithm correctly and *securely* either.
>
>Which is completely irrelevant.  The point is that SOMEONE is
>qualified, and if that code is not available for review, then NO ONE
>except the people that wrote it in the first place are going to even
>have that option.
=20
But that someone is unlikely to be a game developer. Pick code which has =
been reviewed by someone qualified rather than rolling you own.

>The best, non-crypto example of this is DirectPlay, which is pretty
>much laughed at by most serious network game programmers I know, is a
>complete nightmare when porting to non-Microsoft platforms, and which
>is generally only defended by the people that worked on it,
=20
I'm not sure where this turned into a DirectPlay discussion. Your =
comments are highly inaccurate - and I suspect your knowledge of =
DirectPlay is circa DirectX 6 at best. Please feel free to contact me =
off-list if you would like to be educated. No hand-waving, and concrete =
examples guaranteed.
=20
>>My major point was not to roll your own unless you absolutely have
>>to.
>
>It's pretty clear you can go both ways on this issue.  I cannot
>recommend hardware mixing in DirectSound to anyone, yet it seems that
>it is often suggested as the right thing to do because, hey, "they"
>are going to get it right more often than the lowly game programmer.
=20
Haha, that's funny. If you have a modern sound card, software mixing =
makes about as much sense as software rendering. Your experience is =
clearly dated. Still, I guess you're not writing for the leading edge =
any more, Brian.

>The problem, again, is who says it's "perfect good"?  Shall we do a
>laundry list of Windows APIs that flat out have historically just
>sucked?  To be fair, we can also include the CRTL and Unix APIs if
>you'd like, the point being that just because something is "standard"
>or part of the operating system does not automatically make it good
>or better than rolling your own solution.

The point is that standard and widely used libraries tend to get the =
bugs wrung out of them eventually. They are never perfect, of course, =
but they tend to be more robust than homebrew. In the particular case of =
the Crypto API, given the level of scrutiny it undergoes both =
internally, and by a vast number of corporate customers (many of whom =
will have source code licenses), I would be highly surprised if there =
were any truly massive flaws, and absolutely dumbfounded if the overall =
quality were below homebrew solutions thrown together by people who have =
to ask basic number theory questions on a gamedev list...

>>library deficient. That doesn't invalidate the sense of using the
>>provided libraries on Windows if you are not deploying on PS2.
>
>IF there is a high likelihood that the Windows implementation is
>better than your own attempts and IF you don't care about portability
>to other systems (Linux dedicated servers; Sun Ultra clusters; etc.)
>then sure, it might make sense.

There will be suitable libraries for Unix type systems, I am sure. I =
never mentioned Windows explicitly - that was someone else. I was merely =
pointing out the general desirability of using standard libraries rather =
than homebrew, particularly where security is involved. I don't really =
see why that's a controversial observation (apart from the obvious =
challenge to the machismo of some die-hard Not Invented Here types).

- Tony

RE: [Algorithms] Message signature in token ring

[Brian H. <ho...@py...>]

>>Which is completely irrelevant.  The point is that SOMEONE is
>>qualified, and if that code is not available for review, then=
 NO
>>ONE except the people that wrote it in the first place are=
 going to
>>even have that option.
>
>But that someone is unlikely to be a game developer. Pick code=
 which
>has been reviewed by someone qualified rather than rolling you=
 own.

I don't think you're getting this.  "Someone qualified" -- like=
 who?  
The code is written by a bunch of faceless entities randomly=
 promoted 
within an organization.  My point still stands -- between=
 trusting 
"someone who might or might not be qualified and who may or may=
 not 
be writing good code" vs. "me", I'll take "me".

It's not a case of NIH, I might add, it's a case of openness.  I=
 use 
a lot of open source stuff for the very reason that I DO prefer=
 that 
experts be able to do stuff I'm only passingly familiar with, but=
 I 
get very leery when I'm asked to rely on someone else's code and=
 A.) 
I have no idea of their qualifications and B.) I can't see their=
 
code.

>I'm not sure where this turned into a DirectPlay discussion.=
 Your
>comments are highly inaccurate - and I suspect your knowledge=
 of
>DirectPlay is circa DirectX 6 at best. Please feel free to=
 contact
>me off-list if you would like to be educated. No hand-waving,=
 and
>concrete examples guaranteed.

It was an example of where your logic breaks down.  It's not a=
 slam 
on DirectX, but merely pointing out another Microsoft API that=
 has 
generally been derided but which Microsoft has repeatedly claimed=
 is 
written by people that know this stuff better than "dumb" game 
programmers.

>Haha, that's funny. If you have a modern sound card, software=
 mixing
>makes about as much sense as software rendering. Your experience=
 is
>clearly dated. Still, I guess you're not writing for the=
 leading
>edge any more, Brian.

Is this why every piece of software I've used recently still=
 retains 
the option to disable hardware mixing?

And please try not to make this personal, TONY.  Ok?

There are really only two fundamental truths here:

1.  Software you write yourself, you can fix/port/extend. =
 Software 
provided by someone else in binary-only form, you cannot.

2.  Software you write yourself has a chance of being of lesser=
 or 
higher quality than software written elsewhere.  The odds of you=
 
writing better software than "them" depends on a huge number of 
factors, and blithely assuming either all libraries are broken or=
 all 
game programmers are stupid isn't really going to be accurate=
 either 
way.

Anyway, this should probably migrate to general or sweng.

-Hook

RE: [Algorithms] Message signature in token ring

[Casey M. <gd...@fu...>]

> >Haha, that's funny. If you have a modern sound card, software mixing
> >makes about as much sense as software rendering. Your experience is
> >clearly dated. Still, I guess you're not writing for the leading
> >edge any more, Brian.
>
> Is this why every piece of software I've used recently still retains
> the option to disable hardware mixing?

Brian is right on this one.  Jeff (Roberts) should post here about how
many problems they've had supporting hardware mixing with Miles because
of the myriad ridiculously bad sound hardware and/or drivers that exist
out there.  I'm not even sure the default for most games is hardware - I
think a lot of games use software mixing by default.

I'd also like to point out that software rendering is also a big deal.
http://hlsdk.valve-erc.com/, etc., once again, because of too disparate a
set of cards, and because people don't often have the right drivers.
Hardware-only still causes problems for many game segments.

> And please try not to make this personal, TONY.  Ok?

I think what Tony MEANT to say was that Brian, you are not QUALIFIED to
write for the leading edge any more!  You're just Joe Random Game
Programmer!

- Casey

RE: [Algorithms] Message signature in token ring

[<phi...@pl...>]

As with many security issues, it's a question of trust.

http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#ntbroken

Cheers,
Phil

RE: [Algorithms] Message signature in token ring

[Mat N. \(\(BUNGIE\)\) <mat...@mi...>]

Well, even open code is prone to bugs/exploits that aren't readily
considered due to experience or whatnot. Case in point, the timing
attacks on OpenSSL that, experimentally at least, can extract the
private RSA key. These attacks are pretty well known in the academic
community (at least I assume they are; we learned about them in a survey
crypto course), and the fact that no one even bothered to test or
consider these attacks due to the conception that they're only effective
against smart-cards and similarly low-bit encryption shows that even
open-ness of code does not necessarily give said code some magical
properties of being more scrutinized than closed code.

Having "many eyes" looking at code doesn't help when those eyes have no
idea what to look for. Most (public) exploits attributed to Windows
aren't from kernel level flaws, but from higher level components that
have buffer overruns or corrupt heap usage. Except for the csrss.exe
bug.

MSN

-----Original Message-----
From: Brian Hook [mailto:ho...@py...]=20
Sent: Thursday, April 17, 2003 10:01 AM
To: gda...@li...
Subject: RE: [Algorithms] Message signature in token ring

>>Which is completely irrelevant.  The point is that SOMEONE is
>>qualified, and if that code is not available for review, then NO
>>ONE except the people that wrote it in the first place are going to
>>even have that option.
>
>But that someone is unlikely to be a game developer. Pick code which
>has been reviewed by someone qualified rather than rolling you own.

I don't think you're getting this.  "Someone qualified" -- like who? =20
The code is written by a bunch of faceless entities randomly promoted=20
within an organization.  My point still stands -- between trusting=20
"someone who might or might not be qualified and who may or may not=20
be writing good code" vs. "me", I'll take "me".

It's not a case of NIH, I might add, it's a case of openness.  I use=20
a lot of open source stuff for the very reason that I DO prefer that=20
experts be able to do stuff I'm only passingly familiar with, but I=20
get very leery when I'm asked to rely on someone else's code and A.)=20
I have no idea of their qualifications and B.) I can't see their=20
code.

>I'm not sure where this turned into a DirectPlay discussion. Your
>comments are highly inaccurate - and I suspect your knowledge of
>DirectPlay is circa DirectX 6 at best. Please feel free to contact
>me off-list if you would like to be educated. No hand-waving, and
>concrete examples guaranteed.

It was an example of where your logic breaks down.  It's not a slam=20
on DirectX, but merely pointing out another Microsoft API that has=20
generally been derided but which Microsoft has repeatedly claimed is=20
written by people that know this stuff better than "dumb" game=20
programmers.

>Haha, that's funny. If you have a modern sound card, software mixing
>makes about as much sense as software rendering. Your experience is
>clearly dated. Still, I guess you're not writing for the leading
>edge any more, Brian.

Is this why every piece of software I've used recently still retains=20
the option to disable hardware mixing?

And please try not to make this personal, TONY.  Ok?

There are really only two fundamental truths here:

1.  Software you write yourself, you can fix/port/extend.  Software=20
provided by someone else in binary-only form, you cannot.

2.  Software you write yourself has a chance of being of lesser or=20
higher quality than software written elsewhere.  The odds of you=20
writing better software than "them" depends on a huge number of=20
factors, and blithely assuming either all libraries are broken or all=20
game programmers are stupid isn't really going to be accurate either=20
way.

Anyway, this should probably migrate to general or sweng.

-Hook






-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
GDAlgorithms-list mailing list
GDA...@li...
https://lists.sourceforge.net/lists/listinfo/gdalgorithms-list
Archives:
http://sourceforge.net/mailarchive/forum.php?forum_ida88

RE: [Algorithms] Message signature in token ring

[Tony C. <to...@mi...>]

FWIW, I replied to Brian off-list on some of his specific points. I just
wanted to make clear that my central point was about the folly of
rolling one's own, and was not intended to be a commentary on open
versus closed source, or any of the other various ways my comments have
been misinterpreted.

In any event, I'm not sure how productive this thread is continuing to
be, so I think I'll stop now.

Tony Cox - Development Lead, Hockey
Microsoft Games Studios - Sports


-----Original Message-----
From: gda...@li...
[mailto:gda...@li...] On Behalf Of Mat
Noguchi ((BUNGIE))
Sent: Thursday, April 17, 2003 10:22 AM
To: gda...@li...
Subject: RE: [Algorithms] Message signature in token ring


Well, even open code is prone to bugs/exploits that aren't readily
considered due to experience or whatnot. Case in point, the timing
attacks on OpenSSL that, experimentally at least, can extract the
private RSA key. These attacks are pretty well known in the academic
community (at least I assume they are; we learned about them in a survey
crypto course), and the fact that no one even bothered to test or
consider these attacks due to the conception that they're only effective
against smart-cards and similarly low-bit encryption shows that even
open-ness of code does not necessarily give said code some magical
properties of being more scrutinized than closed code.

Having "many eyes" looking at code doesn't help when those eyes have no
idea what to look for. Most (public) exploits attributed to Windows
aren't from kernel level flaws, but from higher level components that
have buffer overruns or corrupt heap usage. Except for the csrss.exe
bug.

MSN

-----Original Message-----
From: Brian Hook [mailto:ho...@py...]=20
Sent: Thursday, April 17, 2003 10:01 AM
To: gda...@li...
Subject: RE: [Algorithms] Message signature in token ring

>>Which is completely irrelevant.  The point is that SOMEONE is=20
>>qualified, and if that code is not available for review, then NO ONE=20
>>except the people that wrote it in the first place are going to even=20
>>have that option.
>
>But that someone is unlikely to be a game developer. Pick code which=20
>has been reviewed by someone qualified rather than rolling you own.

I don't think you're getting this.  "Someone qualified" -- like who? =20
The code is written by a bunch of faceless entities randomly promoted=20
within an organization.  My point still stands -- between trusting=20
"someone who might or might not be qualified and who may or may not=20
be writing good code" vs. "me", I'll take "me".

It's not a case of NIH, I might add, it's a case of openness.  I use=20
a lot of open source stuff for the very reason that I DO prefer that=20
experts be able to do stuff I'm only passingly familiar with, but I=20
get very leery when I'm asked to rely on someone else's code and A.)=20
I have no idea of their qualifications and B.) I can't see their=20
code.

>I'm not sure where this turned into a DirectPlay discussion. Your=20
>comments are highly inaccurate - and I suspect your knowledge of=20
>DirectPlay is circa DirectX 6 at best. Please feel free to contact me=20
>off-list if you would like to be educated. No hand-waving, and concrete

>examples guaranteed.

It was an example of where your logic breaks down.  It's not a slam=20
on DirectX, but merely pointing out another Microsoft API that has=20
generally been derided but which Microsoft has repeatedly claimed is=20
written by people that know this stuff better than "dumb" game=20
programmers.

>Haha, that's funny. If you have a modern sound card, software mixing=20
>makes about as much sense as software rendering. Your experience is=20
>clearly dated. Still, I guess you're not writing for the leading edge=20
>any more, Brian.

Is this why every piece of software I've used recently still retains=20
the option to disable hardware mixing?

And please try not to make this personal, TONY.  Ok?

There are really only two fundamental truths here:

1.  Software you write yourself, you can fix/port/extend.  Software=20
provided by someone else in binary-only form, you cannot.

2.  Software you write yourself has a chance of being of lesser or=20
higher quality than software written elsewhere.  The odds of you=20
writing better software than "them" depends on a huge number of=20
factors, and blithely assuming either all libraries are broken or all=20
game programmers are stupid isn't really going to be accurate either=20
way.

Anyway, this should probably migrate to general or sweng.

-Hook

RE: [Algorithms] Message signature in token ring

[Thierry T. <ttr...@re...>]

>IF there is a high likelihood that the Windows implementation is=20
>better than your own attempts and IF you don't care about portability=20
>to other systems (Linux dedicated servers; Sun Ultra clusters; etc.)=20
>then sure, it might make sense.

The Windows CryptoAPI provides standard compliant implementation of
well known cryptographic algorithms (RSA, 3DES, RC2, SHA, MD5, ...).
So I am quite curious as to why everyone is talking about portability
issues, there is none.

Thierry