Transport Tycoon Forums

The place to talk about Transport Tycoon
It is currently Mon Oct 23, 2017 10:35 pm

All times are UTC




PostPosted: Mon Jan 04, 2010 9:20 pm 
Engineer

Joined: Wed Nov 07, 2007 10:04 am
Posts: 118
Hello,

I noticed that when restarting my dedicated server and loading it up (from the commandline) with the latest autosave, works fine, except for one thing: All companies are without a password again, while there was a password before the restart/save.

Is this on purpose?

My first thought is that it's not very convenient, especially with the autoclean and stuff?

Opper


PostPosted: Mon Jan 04, 2010 9:30 pm 
Graphics Moderator

Joined: Mon Sep 13, 2004 1:21 pm
Posts: 5187
Location: The Moon
Valentijn wrote:
Is this on purpose?


Yes. Otherwise any client could just save the game and strip the passwords. Even if only the server's games contained the password, this is still a record of them that players might not want to exist.

_________________
Pikkarail.com blog
Dev reference: NML Specs - NewGRF Specs - Savegame Internals - NoAi API - NoGo API
32bpp NewGRFs: Pineapple Trains (10cc) - Graphics Development


PostPosted: Mon Jan 04, 2010 9:38 pm 
Engineer

Joined: Wed Nov 07, 2007 10:04 am
Posts: 118
PikkaBird wrote:
Valentijn wrote:
Is this on purpose?


Yes. Otherwise any client could just save the game and strip the passwords. Even if only the server's games contained the password, this is still a record of them that players might not want to exist.


Why not encrypt the passwords?


PostPosted: Mon Jan 04, 2010 9:40 pm 
Tycoon

Joined: Thu Dec 20, 2007 12:49 pm
Posts: 3653
Valentijn wrote:
Why not encrypt the passwords?
How would you then decrypt the passwords? You'd need some key for that, and if you store that key in the savegame it's unsafe again. The config file cannot always be modified so that's no option either.


PostPosted: Mon Jan 04, 2010 9:59 pm 
Engineer

Joined: Wed Nov 07, 2007 10:04 am
Posts: 118
Quote:
How would you then decrypt the passwords? You'd need some key for that, and if you store that key in the savegame it's unsafe again. The config file cannot always be modified so that's no option either.

The dedicated server instance could generate a private key to encrypt the passwords; that way only the server admin could decrypt the passwords. Still a small risk (and opportunity to distribute the passwords), but I wouldn't expect people to use their email or other important passwords for an OpenTTD company.

We could offer the option to let the user choose.


Last edited by Valentijn on Tue Jan 05, 2010 4:30 pm, edited 1 time in total.

PostPosted: Tue Jan 05, 2010 12:56 am 
Engineer

Joined: Tue Jan 05, 2010 12:28 am
Posts: 7
Yexo wrote:
Valentijn wrote:
Why not encrypt the passwords?
How would you then decrypt the passwords? You'd need some key for that, and if you store that key in the savegame it's unsafe again. The config file cannot always be modified so that's no option either.

Simply, you don't!

ANY proper password implementation won't enable you to decrypt the password in any way!
(read: you never use a two-way encryption scheme on a password, always use a one-way hashing scheme.)

now, the question is: but how to verify the password?
The answer is simple: you just hash the password the user has given again and compare it to the previously given (hashed) one stored server-side.

In addition to this, to fully protect users' privacy, you can create a random salt when a map is generated, and add this to the password before it is hashed.

This means it is possible to safely store the password on the server, using one-way hashing (SHA-256 or better please.) and the hash will be different between games, even for the same password.

The only (slight) weakness is when the admin (incidentally) uses the same password as a player, and compares those hashes manually.
This can be solved by simply adding a unique (per-game) player id to the hash.

the final result will boil down to this:
(pseudocode)
Code:
hash = sha256(password . random_map_id . player_id);

hash will be stored on the server.

when a player joins again, the same calculation will be done again, and the new and stored result will be compared
(pseudocode)
Code:
if (hash == stored_hash) {
  accept();
} else {
  kick();
}


PostPosted: Tue Jan 05, 2010 6:50 am 
OpenTTD Developer

Joined: Thu Feb 09, 2006 7:15 pm
Posts: 3815
The salt needs to be stored in the savegame, so the amount of security you get by that is not that big. So once you join you have the salt and the salted passwords, then it's just a simple local brute-force attack. Or, probably even more effective, a dictionary attack on the password.

The player id idea won't really help because multiple players would like to join the same passworded company and how to keep a per-game unique player id? When the client crashes, or just shuts down to drink a cup of tea or go to sleep, the client has to store the player id somehow. Then it must store the player id till infinity because he might rejoin the server with a game he once played; just storing the last is no good. Anyhow, the player id thing won't work because of the multiple clients joining the same company problem.


PostPosted: Tue Jan 05, 2010 4:35 pm 
Engineer

Joined: Wed Nov 07, 2007 10:04 am
Posts: 118
Rubidium wrote:
The salt needs to be stored in the savegame, so the amount of security you get by that is not that big. So once you join you have the salt and the salted passwords, then it's just a simple local brute-force attack. Or, probably even more effective, a dictionary attack on the password.

Or (depending on the hashing algorithm) use a hash database like http://md5.rednoize.com/

Rubidium wrote:
The player id idea won't really help because multiple players would like to join the same passworded company and how to keep a per-game unique player id? When the client crashes, or just shuts down to drink a cup of tea or go to sleep, the client has to store the player id somehow. Then it must store the player id till infinity because he might rejoin the server with a game he once played; just storing the last is no good. Anyhow, the player id thing won't work because of the multiple clients joining the same company problem.

What about saving the password along with the Company Id? And save these passwords in a different (serverside only) file, so that clients can not harvest hashes by saving the game.


PostPosted: Tue Jan 05, 2010 4:53 pm 
OpenTTD Developer

Joined: Thu Feb 09, 2006 7:15 pm
Posts: 3815
Valentijn wrote:
What about saving the password along with the Company Id? And save these passwords in a different (serverside only) file, so that clients can not harvest hashes by saving the game.
This has been suggested before; the problems with this method are somewhere to be found on this forum.
In short: quite a few servers export the save directory, thus also the password file or the password file is in another directory and the password file doesn't get removed when the savegame gets removed (although this also exists if the savegame and password file are put in the same directory).


PostPosted: Tue Jan 05, 2010 7:09 pm 
Engineer

Joined: Tue Jan 05, 2010 12:28 am
Posts: 7
The salted password can be (relatively) safely stored inside the savegame, if it has been properly salted.
Code:
hash = sha256(password . map_id . company_id)

The quickest method of cracking the password is brute-forcing it, which will take a certain amount of time, and will need to be repeated for each company and each different map.

Creating a single rainbow table for all passwords with up to 5 characters (with all the different possible salts (length: 40-bit)) still takes 2327 years using the fastest (hardware) password cracker available. However, storing this rainbow table will take up about as much as the number of particles in our universe.

Brute-forcing a single password, with up to 6 characters, for a single company, for a single game, using a household computer, can be done in just over an hour.
However, when using 8 characters, it can take up to 5 months, and when using 9 characters it will take almost 24 years.

Effectively, the only weakness left will be weak passwords, which can't be solved.

Read:
Wikipedia/Password_strength#Time_needed_for_password_searches
Wikipedia/Rainbow_table#Defense_against_rainbow_tables

BTW: Note that I suggest using sha256 or better, which is currently still considered secure (besides brute force) on its own, even without salting.


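As an added example (not code from this thread and not OpenTTD's own code), the scheme proposed in the two posts above, hash = sha256(password . map_id . company_id), implemented in Python next to the offline attack Rubidium describes: a client who has saved the game holds the map id and every company hash, so it can test guesses locally at full speed with nothing rate-limiting it. The map id, the company passwords, the word list and the byte encoding of the concatenation (map id as raw bytes, company id as two big-endian bytes) are all constructed for this example.

```python
import hashlib
import hmac
import itertools
import string


def company_hash(password: str, map_id: bytes, company_id: int) -> str:
    """hash = sha256(password . map_id . company_id), as proposed in the thread.

    The byte layout of the concatenation is an assumption made for this example.
    """
    data = password.encode("utf-8") + map_id + company_id.to_bytes(2, "big")
    return hashlib.sha256(data).hexdigest()


# Constructed savegame: a 40-bit random map id plus one hash per company.
# Everything a client can read after saving the game is in this dict.
MAP_ID = bytes.fromhex("9f1c3a7b5d")
SAVEGAME = {
    "map_id": MAP_ID,
    "companies": {
        1: company_hash("trains", MAP_ID, 1),
        2: company_hash("Secret!42", MAP_ID, 2),
        3: company_hash("trains", MAP_ID, 3),   # same password as company 1
        4: company_hash("ot7", MAP_ID, 4),      # very short password
    },
}


def verify(savegame: dict, company_id: int, password: str) -> bool:
    """Server-side check on join: rehash the supplied password and compare.

    compare_digest avoids leaking the match position through timing.
    """
    expected = savegame["companies"][company_id]
    actual = company_hash(password, savegame["map_id"], company_id)
    return hmac.compare_digest(actual, expected)


# Constructed word list standing in for a real password dictionary.
WORDLIST = ["password", "openttd", "trains", "tycoon", "money", "123456"]


def dictionary_attack(savegame: dict, wordlist: list) -> dict:
    """Offline dictionary attack with the savegame in hand.

    The per-company id in the salt stops two companies with the same password
    from sharing a hash, but it does nothing against guessing: each company is
    simply attacked separately with its own salt.
    """
    recovered = {}
    map_id = savegame["map_id"]
    for cid, stored in savegame["companies"].items():
        for word in wordlist:
            if company_hash(word, map_id, cid) == stored:
                recovered[cid] = word
                break
    return recovered


def brute_force(savegame: dict, company_id: int,
                alphabet: str = string.ascii_lowercase + string.digits,
                max_len: int = 3):
    """Exhaustive search over short passwords.

    Cost is sum(len(alphabet) ** n for n in 1..max_len) hashes per company
    and per map, which is why the thread's numbers grow so fast with length.
    Returns the password, or None if nothing up to max_len matches.
    """
    stored = savegame["companies"][company_id]
    map_id = savegame["map_id"]
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            guess = "".join(chars)
            if company_hash(guess, map_id, company_id) == stored:
                return guess
    return None


if __name__ == "__main__":
    print("company 2 accepts its password:", verify(SAVEGAME, 2, "Secret!42"))
    print("same password, different hashes:",
          SAVEGAME["companies"][1] != SAVEGAME["companies"][3])
    print("dictionary attack recovered:", dictionary_attack(SAVEGAME, WORDLIST))
    print("brute force on company 4:", brute_force(SAVEGAME, 4))
```

The two weak companies fall to a six-word list and a few tens of thousands of hashes respectively, while the one with a longer mixed-character password survives both, which is exactly the "only weak passwords remain a weakness" position of the post above and the "once you have the salt it is a simple local attack" position of Rubidium's: the per-map and per-company salt only rules out precomputed tables, it does not raise the cost of guessing a single hash.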
PostPosted: Thu Jan 07, 2010 11:01 am 
Tycoon

Joined: Wed Oct 15, 2003 10:00 pm
Posts: 2566
Location: Jarrow, UK
The passwords are already hashed in RAM, so it appears that some dev at some point has thought about saving them. I say this because, when I used to run my Standard Server, I would grab the passwords from RAM with a debugger before saving and restarting a server, then connect to each company in turn, putting the passwords back. This became impossible after one of the new releases, when all of a sudden the passwords were all hashed.

Of course, this doesn't protect players' passwords from malicious admins. Anybody who could have attached a debugger to fish out the passwords could just as easily modify the source code to reveal them on demand (I was just determined not to modify the game). The only other explanation for deciding to hash the passwords is for the purpose of storing them safely. It just seems that it never happened.

_________________
PGP fingerprint: E66A 9D58 AA10 E967 41A6 474E E41D 10AE 082C F3ED


PostPosted: Sun Jun 18, 2017 3:36 pm 
Engineer

Joined: Sun Jun 18, 2017 2:55 pm
Posts: 11
Is there a way to configure it so that company passwords are saved in the save file? After a restart I always have to configure the password for every company and for the server.


PostPosted: Mon Jun 19, 2017 1:36 pm 
President

Joined: Tue Nov 23, 2010 9:25 pm
Posts: 938
Location: ::1
In the current version of the game, it is not possible.


Copyright © Owen Rudge/The Transport Tycoon Forums 2001-2017.
Hosted by Zernebok Hosting.