[MUD-Dev] strong encryption for authentication
Travis Casey
efindel at earthlink.net
Thu Jul 12 19:59:13 CEST 2001
On Thursday July 12, 2001 00:13, Caliban Tiresias Darklock wrote:
> On Wed, 11 Jul 2001 15:02:44 -0400, Travis Casey
> <efindel at earthlink.net> wrote:
>> 1 - In a commercial game, you may want users to be able to pay
>> their account within the game, change their billing address,
>> update credit card information, update their real email address,
>> etc. Encryption for any such personal or financial info is a
>> good idea, and *not* encrypting it could potentially form a basis
>> for negligence lawsuits... or at least require you to add some
>> scary language to your user agreement.
> Encryption of THAT data makes sense. Encryption of ALL data really
> doesn't.
Which is basically what I said in part of what you cut out -- that
#1 only requires encrypting *some* data, not all of it.
>> If you're not using some form of encryption, then what good does
>> a cookie-based OTP scheme do? If someone running a sniffer
>> intercepts the cookie
> ...it will be worthless.
> The cookie is randomly generated by the server when the password
> prompt is presented. It is then hashed into the player's password
> and returned.
Which is a form of encryption. As I said above... "If you're not
using some form of encryption..."
>> (On the other hand, though, why re-invent the wheel?
> My point exactly. If you have a special purpose use, you will need
> special purpose software -- which, in most cases, already
> exists. ;)
That still doesn't address all of the reasons, though -- e.g., point
#2.
--
|\ _,,,---,,_ Travis S. Casey <efindel at earthlink.net>
ZZzz /,`.-'`' -. ;-;;,_ No one agrees with me. Not even me.
|,4- ) )-,_..;\ ( `'-'
'---''(_/--' `-'\_)
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev
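
The cookie exchange debated in this thread, as an added example that is not part of the original message: the server issues a random single-use cookie, the client returns a keyed hash of it, and a sniffed response is rejected on replay. HMAC-SHA256, the names `LoginServer` and `respond`, and the sample account are assumptions; the thread names no specific hash.

```python
import hashlib
import hmac
import secrets


class LoginServer:
    """Server side: issues one-time cookies and checks the returned hash."""

    def __init__(self, passwords):
        self._passwords = passwords      # constructed sample: user -> password
        self._pending = {}               # user -> cookie awaiting a response

    def challenge(self, user):
        # Fresh random cookie sent with each password prompt.
        cookie = secrets.token_bytes(16)
        self._pending[user] = cookie
        return cookie

    def verify(self, user, response):
        # pop() makes the cookie single-use, so a replay finds nothing pending.
        cookie = self._pending.pop(user, None)
        password = self._passwords.get(user)
        if cookie is None or password is None:
            return False
        expected = respond(password, cookie)
        return hmac.compare_digest(expected, response)


def respond(password, cookie):
    """Client side: hash the cookie into the password; only the digest is sent."""
    return hmac.new(password.encode(), cookie, hashlib.sha256).digest()


def demo():
    server = LoginServer({"bubba": "correct horse"})   # constructed account
    cookie = server.challenge("bubba")
    sniffed = respond("correct horse", cookie)     # what a sniffer would see
    first = server.verify("bubba", sniffed)        # legitimate login
    replay = server.verify("bubba", sniffed)       # same bytes sent again
    server.challenge("bubba")                      # new prompt, new cookie
    stale = server.verify("bubba", sniffed)        # old response, new cookie
    return first, replay, stale


if __name__ == "__main__":
    print(demo())
```

The exchange covers only the login: a captured cookie and response still allow offline guessing of a weak password, and everything sent after authentication travels in the clear unless it is encrypted separately.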