Encryption in OTTD

Forum for technical discussions regarding development. If you have a general suggestion, problem or comment, please use one of the other forums.

Moderator: OpenTTD Developers

Moriarty
Tycoon
Tycoon
Posts: 1395
Joined: 12 Jun 2004 00:37
Location: United Kingdom of Great Britain and Northern Ireland
Contact:

Encryption in OTTD

Post by Moriarty »

I'm curious - is the network data for the game encrypted? I'm guessing not.

Would it be possible to encrypt it? And before anyone asks Why - Why not. Is there any technical reason not to encrypt packet data?
DaleStan
TTDPatch Developer
TTDPatch Developer
Posts: 10285
Joined: 18 Feb 2004 03:06
Contact:

Re: Encryption in OTTD

Post by DaleStan »

Moriarty wrote:Is there any technical reason not to encrypt packet data?
Yes.
1) Encryption increases at least connection-initialization overhead[0]
2) Encryption usually adds additional per-packet overheads.
3) Encryption increases CPU load.

[0] Surely the point here is security, which means that it has to be some random-gen key(s), not something stored in the source.
To get a good answer, ask a Smart Question. Similarly, if you want a bug fixed, write a Useful Bug Report. No TTDPatch crashlog? Then follow directions.
Projects: NFORenum (download) | PlaneSet (Website) | grfcodec (download) | grfdebug.log parser
User avatar
Bilbo
Tycoon
Tycoon
Posts: 1710
Joined: 06 Jun 2007 21:07
Location: Czech Republic

Re: Encryption in OTTD

Post by Bilbo »

Considering the bandwidth consumed by OpenTTD, I think the increased CPU load from encrypting these few packets will be neglibigle. Worse may be adding dependency on some ssl/tls libraries and having to manage all the stuff. I guess the added benefit (having secure connection to the game server) will not convince devs to implement this. But maybe if you submit a patch ...
If you need something, do it yourself or it will be never done.

My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility

Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
Rubidium
OpenTTD Developer
OpenTTD Developer
Posts: 3815
Joined: 09 Feb 2006 19:15

Re: Encryption in OTTD

Post by Rubidium »

And which gameserver owner is going to spend 500 US Dollars for a SSL Certificate to prove he is who is pretends he is? This is especially needed because you need some way to know for certain whether the other side is actually the server. If you do not you can have the so-called man-in-the-middle attacks which basically make the encryption useless.

So without a proper way to prove that the "other" side is actually the computer you want to talk to, i.e. the game server, there is no real meaning in using encryption as it will be overly easy to make a man-in-the-middle attack, which makes the encryption totally useless.
Moriarty
Tycoon
Tycoon
Posts: 1395
Joined: 12 Jun 2004 00:37
Location: United Kingdom of Great Britain and Northern Ireland
Contact:

Re: Encryption in OTTD

Post by Moriarty »

1) Encryption increases at least connection-initialization overhead[0]
As a https doesn't seem to take more than several fractions of a second longer than regular http I think we can say initialisation doesn't need to be a problem.

2/3) - As pointed out, OTTD uses negligible bandwidth/CPU. I have no idea what the percentile increase would be, I can't say for certain what the increase would be, but a multiple of a small number is usually still a small number. 8)



As to the SSL - Aren't there are other ways authenticate the server is what it says it is without an SSL cert. I.e.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack
. Public keys can be verified by a Certificate Authority, whose public key is distributed through a secure channel (for example, with a web browser or OS installation).
It strikes me that you could use http://www.openttd.org/servers.php as that secure channel/certificate authority. No $500 certificates needed.

Also:
So without a proper way to prove that the "other" side is actually the computer you want to talk to, i.e. the game server, there is no real meaning in using encryption as it will be overly easy to make a man-in-the-middle attack, which makes the encryption totally useless.
Isn't this a logical fallacy?
"Because it can be broken with some effort there's no point putting it in".


And no, I'm not even remotely an expert on encrpytion. 8)
User avatar
Korenn
Tycoon
Tycoon
Posts: 1735
Joined: 26 Mar 2004 01:27
Location: Netherlands
Contact:

Re: Encryption in OTTD

Post by Korenn »

Moriarty wrote:And before anyone asks Why - Why not.
Seeing as some answers to the 'why not' were given, how about the 'why'? Why do you want to encrypt data that holds ottd user commands? Do you consider something in there to be that sensitive?
User avatar
Bilbo
Tycoon
Tycoon
Posts: 1710
Joined: 06 Jun 2007 21:07
Location: Czech Republic

Re: Encryption in OTTD

Post by Bilbo »

Rubidium wrote:And which gameserver owner is going to spend 500 US Dollars for a SSL Certificate to prove he is who is pretends he is? This is especially needed because you need some way to know for certain whether the other side is actually the server. If you do not you can have the so-called man-in-the-middle attacks which basically make the encryption useless.

So without a proper way to prove that the "other" side is actually the computer you want to talk to, i.e. the game server, there is no real meaning in using encryption as it will be overly easy to make a man-in-the-middle attack, which makes the encryption totally useless.
Sniffing (passive surveillance) is usually much easier than man-in-the-middle (active surveillance). Many people with HTTPS servers out there use certificates from some university CA or som of their home-made CA. Also, for openttd, as authority certificates would be distributed with it, there could be some authority maintained by developers whivch will give certificates to servers for free after some validation ... for openttd server you will not need to give somebody your real name, postal address, etc ... just somewhat verify that the server is under your control.

And 500 usd for certificate is expensive. I saw certs recognized in browsers given out for 20 usd/year (but probably still too much just for openttd server). Actually, I have not found certificate that was that much expensive, most expensive was 250 USD/year

Considering that for public servers, anybody can "sniff" you by simply joining as spectator, encryption is a bit futile (and sensitive data, aka the password is already exchanged in secure manner, not in plaintext)

So, it is IMHO too much effort for quite little benefit.

I think by combining with some application like ssltunnel or port forwarding over SSH you can get the encryption you want without having to modify openttd code at all.
If you need something, do it yourself or it will be never done.

My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility

Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
User avatar
Bilbo
Tycoon
Tycoon
Posts: 1710
Joined: 06 Jun 2007 21:07
Location: Czech Republic

Re: Encryption in OTTD

Post by Bilbo »

Moriarty wrote: 2/3) - As pointed out, OTTD uses negligible bandwidth/CPU. I have no idea what the percentile increase would be, I can't say for certain what the increase would be, but a multiple of a small number is usually still a small number. 8)
Well, I forgot about one thing. Once you connect, you start downloading the current map. Which can be like 4 megabyte download for the largest map sizes. And encryption will add some significant overhead here. But considering the map get compressed before sending, the overhead won't be as large, but still, it will be probably noticable.
If you need something, do it yourself or it will be never done.

My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility

Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
Moriarty
Tycoon
Tycoon
Posts: 1395
Joined: 12 Jun 2004 00:37
Location: United Kingdom of Great Britain and Northern Ireland
Contact:

Re: Encryption in OTTD

Post by Moriarty »

Korenn wrote:
Moriarty wrote:And before anyone asks Why - Why not.
Seeing as some answers to the 'why not' were given, how about the 'why'? Why do you want to encrypt data that holds ottd user commands? Do you consider something in there to be that sensitive?
Fair enough. 8)
Because you can use the game to send messages, and there's no non-technical they should be in plain text. We have plenty of news stories of all manner of governments snooping on pretty much everything, and various telcos/ISPs do packet shaping etc.
Also, the more encrypted traffic there is, the harder it becomes for the people who want to spy to find the encrypted traffic that contains important stuff. So basically "why not" is the real answer, and not just me being a smart alec ;-).

And no, I'm not a paranoid who encrypts everything. I don't even have a public/private key pair. ;-)

Well, I forgot about one thing. Once you connect, you start downloading the current map. Which can be like 4 megabyte download for the largest map sizes. And encryption will add some significant overhead here. But considering the map get compressed before sending, the overhead won't be as large, but still, it will be probably noticable.
Quick test then. I created a 2000*2000 map, and encrypted it with Axcrypt.
Size before: 4.16MB
Size after: 4.16MB

So no difference. I used axcrypt because that's what I have installed. Feel free to test other packages, I'd be curious to see why Axcrypt doesn't result in a file size change.

Considering that for public servers, anybody can "sniff" you by simply joining as spectator,
And private servers?
User avatar
Bilbo
Tycoon
Tycoon
Posts: 1710
Joined: 06 Jun 2007 21:07
Location: Czech Republic

Re: Encryption in OTTD

Post by Bilbo »

Moriarty wrote: Quick test then. I created a 2000*2000 map, and encrypted it with Axcrypt.
Size before: 4.16MB
Size after: 4.16MB
Encryption will not make the file larger (or it will increase it only by few bytes in case there is some header telling how it is encrypted). But CPU will spend "considerable" amount of time (for files that large perhaps 200-500 msec, depending on the CPU speed) when encrypting it.
Moriarty wrote:
Considering that for public servers, anybody can "sniff" you by simply joining as spectator,
And private servers?
Yes, in private servers it may be worth it, but I think setting up ssltunnel on server and telling the players how to connect to it would add encryption to the connection, while openttd does not have to care about it at all - it gets new unencrypted connection from the localhost end of the ssl tunnel, whle tre data in transit are encrypted.

Perhaps best that could be done in this thing is post some "how to use ssltunnel with openttd to secure the conection" guide to openttd wiki...
If you need something, do it yourself or it will be never done.

My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility

Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
Rubidium
OpenTTD Developer
OpenTTD Developer
Posts: 3815
Joined: 09 Feb 2006 19:15

Re: Encryption in OTTD

Post by Rubidium »

Bilbo wrote:som of their home-made CA
Thus easily 'attacked' by a man-in-the-middle because there is no trusted CA.
Bilbo wrote:there could be some authority maintained by developers whivch will give certificates to servers for free after some validation
And how would that validation work? Lots of servers change their IP address fairly regularly (due to DSL/Cable), so we need to make lots of certificates and perform lots of revocations. This means lots of work that could otherwise be used for better things. Furthermore the frequent changes means that developers need to reply 'quickly', which most likely is not going to happen because there are vast 'gaps' during the day which then make OpenTTD much less playable.

And how do we get 'proof' that somebody is who he/she pretends? People can easily fake email or nicks at IRC. So you suggest people to go to a developer in real life so they can prove it?
User avatar
Bilbo
Tycoon
Tycoon
Posts: 1710
Joined: 06 Jun 2007 21:07
Location: Czech Republic

Re: Encryption in OTTD

Post by Bilbo »

Rubidium wrote:
Bilbo wrote:som of their home-made CA
Thus easily 'attacked' by a man-in-the-middle because there is no trusted CA.
Yes, unless you distribute the certificate by other means (but the question is how?), it is vulnerable. Still, if you visited the site before, you can get warning that the cert. authority have changed. And if you are the issuer, then you will trust yourself (mostly these sites have https mainly because of site admin logging in securely to site administration).
Bilbo wrote:there could be some authority maintained by developers whivch will give certificates to servers for free after some validation
And how would that validation work? Lots of servers change their IP address fairly regularly (due to DSL/Cable), so we need to make lots of certificates and perform lots of revocations. This means lots of work that could otherwise be used for better things. Furthermore the frequent changes means that developers need to reply 'quickly', which most likely is not going to happen because there are vast 'gaps' during the day which then make OpenTTD much less playable.
Rubidium wrote: And how do we get 'proof' that somebody is who he/she pretends? People can easily fake email or nicks at IRC. So you suggest people to go to a developer in real life so they can prove it?
It could be connected with nick on tt-forums.net for example.
So when you connect to some server you will know who is the owner (of course unless someone steal someone else's forum account, as these forums operate over unencrypted http)
Still it could be open to attacks like registering similar names (Bilbo vs BiIbo - the small "L" replaced with capital "I") and abusing the fact that some characters look similar or even the same.
Also, the certificate giveout process would need to be automated ... some page checks authentication from forums and give you out your "personal server certificate".

edit:fix quoting
If you need something, do it yourself or it will be never done.

My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility

Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
Moriarty
Tycoon
Tycoon
Posts: 1395
Joined: 12 Jun 2004 00:37
Location: United Kingdom of Great Britain and Northern Ireland
Contact:

Re: Encryption in OTTD

Post by Moriarty »

Bilbo wrote:Encryption will not make the file larger (or it will increase it only by few bytes in case there is some header telling how it is encrypted). But CPU will spend "considerable" amount of time (for files that large perhaps 200-500 msec, depending on the CPU speed) when encrypting it.
200-500ms isn't even worth smiffing at. Not when you remember that the time taken to zip the thing up is significantly longer. 8)
stewis
Traffic Manager
Traffic Manager
Posts: 153
Joined: 20 Feb 2003 22:32

Re: Encryption in OTTD

Post by stewis »

Umm may i ask why a game needs to send data encrypted (unless its a password) just sounds like a pointless idea that will take up peoples time.

Its not like any one is sending confidential infomation using the game anyway...
User avatar
CMircea
Chairman
Chairman
Posts: 887
Joined: 29 Dec 2006 14:05

Re: Encryption in OTTD

Post by CMircea »

Moriarty wrote:
Bilbo wrote:Encryption will not make the file larger (or it will increase it only by few bytes in case there is some header telling how it is encrypted). But CPU will spend "considerable" amount of time (for files that large perhaps 200-500 msec, depending on the CPU speed) when encrypting it.
200-500ms isn't even worth smiffing at. Not when you remember that the time taken to zip the thing up is significantly longer. 8)
No, 200-500 ms isn't a big deal, but considering that open sends lots of small packages very second the game would be EXTREMELY laggy, especially when a client with a less powerful CPU joins. And even so, say the server generates a random key, but it has to tell the client about it, and then you can easily get the key. Since the source is under the GPL, there's not much you can do to implement encryption, and I highly doubt it's needed, it's a game, not a database containing top secret info about US!
User avatar
Arathorn
Tycoon
Tycoon
Posts: 6937
Joined: 30 Nov 2002 17:10

Re: Encryption in OTTD

Post by Arathorn »

Even discussing this suggestion is a waste of time. Not to mention the -even if insignificant- waste of CPU and bandwidth.
User avatar
Korenn
Tycoon
Tycoon
Posts: 1735
Joined: 26 Mar 2004 01:27
Location: Netherlands
Contact:

Re: Encryption in OTTD

Post by Korenn »

Arathorn wrote:Even discussing this suggestion is a waste of time. Not to mention the -even if insignificant- waste of CPU and bandwidth.
yeah, that's a very constructive post you've added... an even bigger waste of time.
User avatar
Bilbo
Tycoon
Tycoon
Posts: 1710
Joined: 06 Jun 2007 21:07
Location: Czech Republic

Re: Encryption in OTTD

Post by Bilbo »

Ehm ... time to lock this thread? It seems that the discussion is somehow moving off the topic ...
If you need something, do it yourself or it will be never done.

My patches: Extra large maps (1048576 high, 1048576 wide) (FS#1059), Vehicle + Town + Industry console commands (FS#1060), few minor patches (FS#2820, FS#1521, FS#2837, FS#2843), AI debugging facility

Other: Very large ships NewGRF, Bilbo's multiplayer patch pack v5 (for OpenTTD 0.7.3)
Moriarty
Tycoon
Tycoon
Posts: 1395
Joined: 12 Jun 2004 00:37
Location: United Kingdom of Great Britain and Northern Ireland
Contact:

Re: Encryption in OTTD

Post by Moriarty »

Desolator wrote:Since the source is under the GPL, there's not much you can do to implement encryption, and I highly doubt it's needed, it's a game, not a database containing top secret info about US!
In that case please explain how this or this can work?
Being GPL isn't an impediment to encryption.
No, 200-500 ms isn't a big deal, but considering that open sends lots of small packages very second the game would be EXTREMELY laggy, especially when a client with a less powerful CPU joins.
Sorry, I don't get what you're saying.
sc79
Director
Director
Posts: 586
Joined: 22 Feb 2005 09:51

Re: Encryption in OTTD

Post by sc79 »

Because you can use the game to send messages, and there's no non-technical they should be in plain text. We have plenty of news stories of all manner of governments snooping on pretty much everything, and various telcos/ISPs do packet shaping etc.
And the moral? Don't plan your crimes in OTTD chat. Paranoia is all good, but I think you'll need something a little more solid/constructive to encourage someone to take on all the work it would entail.
Post Reply

Return to “OpenTTD Development”

Who is online

Users browsing this forum: Bing [Bot] and 3 guests