How about a server-side message with NO HMAC?
Guest
Posted: Fri May 02, 2008 5:40 pm
I have just adopted a secure protocol for a distributed multi-player
game from TLS/SSL, in which 1000+ players act in the same world. The
question is about the Hashed-MAC field in its message format.

The protocol works much like SSL/TLS. Firstly "Hello", secondly
"Shake-Hand" and "RSA Public Key", then "Pre-Master Secret" and "Cipher
Algorithm Changed", at last comes the "Encrypted Game Msg".

The format of "Encrypted Game Msg" includes
[1] Length
[2] Encrypted content
[3] Encrypted Hashed-MAC
[4] Encrypted Padding etc.
The protocol is symmetric: both client and server will generate and
send Hashed-MAC in 16 bytes.

Yet, I really suspect if a server MAC is necessary in a game context.
Because there are many cracked clients or faked network messages from
the client to cheat. Instead, it is difficult to modify or crack the
network message of a server serving for 1000+ connections at once.
Moreover, to modify such an output of server will not affect the game
logic running inside servers. At most, such a modification or forgery
will cause some clients to crash.

So, my question is: What security vulnerabilities will happen if we
omit the HMAC of the server? Is that affordable in a Multi-Player
Online Game? The saving of communication bytes and HMAC computation
really tempts me :-P

Would you please give some hints about the question? Thanks in
advance :-)
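
Added example, not part of the original post: a Python sketch of the record format described above, showing what the receiving client can and cannot check when the 16-byte MAC field is dropped from server messages. The post names no cipher or hash, so the stream-cipher stand-in (SHA-256 in counter mode), HMAC-SHA-256 truncated to 16 bytes, the sequence number, and all function names, keys and messages are assumptions; padding is left out because the stand-in needs none.

```python
import hashlib, hmac, struct
MAC_LEN = 16  # size of the Hashed-MAC field given in the post

def _keystream(key, seq, n):
    # Stand-in stream cipher (assumption, not for production): SHA-256 in counter mode.
    blocks = (hashlib.sha256(key + struct.pack(">QI", seq, i)).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def _tag(mac_key, seq, content):
    # The sequence number is covered so a replayed or reordered record also fails.
    msg = struct.pack(">Q", seq) + content
    return hmac.new(mac_key, msg, hashlib.sha256).digest()[:MAC_LEN]

def seal(enc_key, mac_key, seq, content, with_mac=True):
    # Builds [Length][Encrypted content][Encrypted Hashed-MAC].
    body = content + (_tag(mac_key, seq, content) if with_mac else b"")
    return struct.pack(">H", len(body)) + _xor(body, _keystream(enc_key, seq, len(body)))

def open_record(enc_key, mac_key, seq, record, with_mac=True):
    (length,) = struct.unpack(">H", record[:2])
    if len(record) != 2 + length or (with_mac and length < MAC_LEN):
        raise ValueError("malformed record")
    body = _xor(record[2:], _keystream(enc_key, seq, length))
    if not with_mac:
        return body  # nothing to check: any bytes of the right length are accepted
    content, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(tag, _tag(mac_key, seq, content)):
        raise ValueError("bad MAC")
    return content

def altered_in_transit(record, offset, mask):
    # Constructed helper: one ciphertext byte changed between server and client.
    return record[:2 + offset] + bytes([record[2 + offset] ^ mask]) + record[3 + offset:]

def demo():
    enc_key, mac_key = b"E" * 32, b"M" * 32   # constructed session keys
    msg = b"hp=100;gold=0010"                  # constructed server update
    results = {}
    for with_mac in (False, True):
        rec = altered_in_transit(seal(enc_key, mac_key, 7, msg, with_mac), 12, 0x09)
        try:
            results[with_mac] = open_record(enc_key, mac_key, 7, rec, with_mac)
        except ValueError as exc:
            results[with_mac] = str(exc)
    return results
```

Without the MAC the client accepts the altered record as a well-formed game update rather than crashing; with it, the same record is rejected before the game logic sees it.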
 
All times are GMT - 5 Hours