[MUD-Dev] strong encryption for authentication

Kwon Ekstrom justice at softhome.net
Fri Jul 13 13:24:02 CEST 2001


I'd like to point out that this thread seems to be degenerating; the points
of encryption I've noticed are:

  PRO:

    Security
    Prevent "out of game" knowledge
    Allow Credit Card and other "secure" transactions*
    Authentication*
    Allow Privacy
    Protocol protection

      * not required for entire connection.

  CON:

    Resource overhead.
    Compatibility

I'm sure I missed a few here, since I've only been skimming this
thread...

It pretty much falls down to these categories. A variety of ways to
limit the overhead have been mentioned; most cost $$$ that many mud
developers don't have.  While I believe that encryption would be a
nice addition for muds to use in order to protect your password for
instance, I don't believe it should be in full-time usage, or even a
requirement.  The problem with worrying about packet sniffing is
almost irrelevant, 99.9% of the internet community doesn't have the
required knowledge or tools, even if they are in a position to use
them.  It's my understanding that in order to intercept packets you
must be on the same local network, or en-route of the network.

The gains for the average server are small but can have dramatic
resource overhead which can and will increase maintenance costs.
Larger servers probably get the most benefit from this scenario, but
most MMORPGs use their own client and can implement it on their
own, bypassing the compatibility issue.

Um, on the side, if someone does make a graphical mud lib, as per
the Libs for 3D Client/Servers thread, this might be a good idea to
implement.

As for being able to take credit card information and other
"secure"... I think that can best be handled by a web form using
https.  And is probably more user friendly than the average text
based game.

I am working on a dedicated client for my Java mud that I'd like to
allow ssh packets to be sent with... so I'm all for the idea of
encryption, I just don't believe it should be turned on and left
that way.  I don't intend to be using encryption, but I want to
release the client and code when I'm finished and think that someone
may want to use it in the future.  And as mentioned it'd be
wonderful for authentication.

As every other tool, it's just a tool, use it when you need it, but
otherwise put it back in the box.

-- Kwon Ekstrom
