TCPObject encryption

#1 @Henry: Noticed your post as I was browsing and realized I just implemented a resource that might do what you want.
Auto-Updater for TGE/TGB/TSE
www.garagegames.com/index.php?sec=mg&mod=resource&page=view&qid=10800

You need to use MD5 Encryption
MD5 Hash for Torque
www.garagegames.com/index.php?sec=mg&mod=resource&page=view&qid=4392

Added another one.
TCPObject Binary transfer
www.garagegames.com/index.php?sec=mg&mod=resource&page=view&qid=4926

About your chat server? Are you using a dedicated server for chat only. I am about to implement our Chat/Communication channels and am debating about having the Chat using the same server as the game. I would rather use the game server(s) for movement, inventory control, etc. The Chat could really put a load on the server and possibly create lag. Your feedback is greatly appreciated.

#2 Yeah, so far we use a separate server for chat that will handle people coming online/offline ... guild chat etc. Seemed the best way to deal with it, and it makes the whole thing more modular and easier to manage. Everything is written, its just at the moment it would be incredibly easy to exploit with a packet editor. Thanks a lot for those links, ill take a look now!

Henry

#3 You can't use MD5 to encrypt chat messages.

Quote:
Everything is written, its just at the moment it would be incredibly easy to exploit with a packet editor.

I suppose you haven't tried? Looking at Torque strings in a packet sniffer won't give you anything that even remotly resembles written text. It's Huffman compressed.

LibTomCrypt is what TNL is (was?) using and I use it myself in our project.

Use a public key crypto (I prefer RSA) to safely pass along a cipher key of your favourite encryption type. In our case, we currently use TEA for game communication (not chat, only commands) and AES for critical stuff like account information. Passwords are hashed.

#4 "I suppose you haven't tried? Looking at Torque strings in a packet sniffer won't give you anything that even remotly resembles written text. It's Huffman compressed."


Yeah, i have. The TCPObject must external to the normal TNL encryption?

#5 @Stefan: If it is Huffman compressed and looks like gibberish in a packet sniffer, would this following resource be secure? It uses a dedicated server with specific Client/Server code written in TorqueScript.
TorqueScript based custom chat client & server
www.garagegames.com/index.php?sec=mg&mod=resource&page=view&qid=5457
Hope this all helps. It did me. I didn't think the md5 through, I forgot there is no way to decrypt an md5 as far as I know.

#6 @Stefan: If it is Huffman compressed and looks like gibberish in a packet sniffer, would this following resource be secure? It uses a dedicated server with specific Client/Server code written in TorqueScript.
TorqueScript based custom chat client & server
www.garagegames.com/index.php?sec=mg&mod=resource&page=view&qid=5457
Hope this all helps. It did me. I didn't think the md5 through, I forgot there is no way to decrypt an md5 as far as I know.

#7

Quote:
Yeah, i have. The TCPObject must external to the normal TNL encryption?

Bah. You're right, I totally forgot about that. In Torque, only UDP uses Huffman encryption.
Wouldn't it be pretty simple to port that over though? I didn't use TCPObject long enough, sorry for the confusion.

Oh and btw, you're using TGEA so don't confuse that with TNL. TNL is different, and TGEA/TGE doesn't have any encryption whatsoever. It might be the same base, but there are additions (like encryption) in TNL that makes it a very different beast.

#8 Oh, i assumed that encryption was part of TGEA/TGE. Thanks for letting me know Stefan! So there is no encryption atall? Thats bad news. Ill have to look into sorting that. Anyone had any experiance with this?

Henry

#9 No there is no encryption at all ... but there is the cipherlib resource for TGB that offers that for files.

#10 Thats rubbish. Why on earth would they have a networking library with the great features like that but not implment it in their own engine?
Best get started on a solution ... Sigh.

Henry

#11 Because TNL on its own costs more than TGE at all?

And because TGE has some features that TNL does not have which potentially would be defeated by encrypting the data.

#12 What would the encryption affect?
Unfortunately i don't have much of a choice other than to use some kind of encryption.

Henry

#13 TNL was extracted from TGE's network structure. And then, to make a viable product for other engines (as it was to be used as a third-party product for other engines/network services than Torque), features were added. There was a plan to backport some of the features, but I haven't heard anything on that front for a long time.