Comments (5)
I had personally assumed that one of the use cases for having redundant server addresses in the secret client data was so that a game server could verify if a client was allowed to connect to that server, without needing to access some sort of central "sessions" database.
from netcode.
@stellarLuminant Right, that makes total sense. I guess a better question would have been "why not make the connect token secret section a lot smaller", since that seems to remove redundancy, simplify things quite a bit, all without sacrificing any security.
Also, I edited my OP a lot -- my apologies! You probably responded to an old version (just fyi in case you had insights to any new questions I wrote).
from netcode.
The public token data is unencrypted, because it’s stuff the client needs to connect to the server, eg. The server IP address, private keys, timeout whatever. It’s not encrypted by anything, because the token is sent down from backend to client via a secure channel, typically HTTPS.
The internal part of the token, the private stuff that you think is redundant, is encrypted by a key that the client does not have (by design). The client passes this opaque blob over an unsecure channel (UDP packets) to connect to the server.
The server uses this data to verify that yes, in fact this client is authorized by the backend and is allowed to connect to the server.
That is all. There is no redundancy. You are trying to optimize something you don’t understand. Read the spec again, and understand why the client cannot read, modify or generate the private token data, and why this is necessary for security, then you’ll see why no redundancy exists.
Cheers
from netcode.
Thanks for the response Glenn! I appreciate you helping me to learn about your design.
There’s one thing I’m confused about. Does the typical use-case have the connect token share the same IP address list in both the private and public sections?
If so, is there an error in my proposal? I know you’re busy, and the nature of the question is complicated. You’re right, it’s an attempted optimization. This is typically how I personally learn. I understand it’s a long question though, and I apologize for not being able to shorten it any further. So feel free to ignore if you prefer :)
from netcode.
OK so I just figured out the problem. Not encrypting server IPs lets packet sniffers attempt to steal tokens before they are used, by knowing which server the token can be used to connect with. Which actually leads to a new question... I'll open a different issue.
Edit: Nope sniffing isn't possible: #84. So it still looks like the server list in particular does not need to be secret, so my original proposal still looks ok. All that's needed is for public info to be covered in the HMAC with the Additional Data part of the AEAD.
After thinking about all this some more, I do think the netcode approach is also quite simple, since just encrypting the entire token and duplicating the server list is very straightforward to understand once the design intent is understood. As far as I can see: both approaches should be pretty much equivalent with negligible differences.
from netcode.
Related Issues (20)
- Why is the browser plugin archived? HOT 2
- [Question] Connect Token private part HOT 1
- [Question] Is it possible to handle direct IP connections without a matchmaker service? HOT 1
- Assert on NULL user_data in netcode_generate_connect_token() HOT 1
- Up-to-date rust implementation of netcode HOT 1
- Windows: Connecting to server is delayed if some previous clients do not shutdown by the right way HOT 25
- Wait upon certain time for incoming packets HOT 1
- Embed the `client index` to `connection payload packet` and `connection disconnect packet` HOT 5
- libsodium is /MT HOT 1
- Connect Token Sniffing HOT 11
- DoS by Abusing Replay Protection HOT 5
- netcode.io support x32? HOT 1
- Settings #define's HOT 14
- MinGW linker error introduced in #66 HOT 1
- Fiy, found Socketify https://socketify.net/
- Switching between carrier and wifi when a connection has been established HOT 2
- netcode.io connect tokens fail when letting the system assign a server port. HOT 2
- Reporting security vulnerabilities HOT 1
- Single project c file HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from netcode.