Minetest Forums

Title says it all.

Why? Do you plan to share your credit card details on a server?

Google it if you want to know why. I am sure there are plenty of reasons.

Krock wrote:Why?

CSM security.

Krock wrote:Why? Do you plan to share your credit card details on a server?

Probably one wants to send government's super secret documents through minetest. Or he is probably a terrorist.

Reedych wrote:Probably one wants to send government's super secret documents through minetest. Or he is probably a terrorist.

Or simply because one does not want to have arbitrary code to be injected and then be executed within the Lua environment of Minetest mods?

Or just because it is 2018 and no-one in the right mind wants unencrypted connections to servers of any kind?

I am pretty sure I'm not a terrorist...
Boom !
BTW, such a connection would probably allow 3rds to (a) just insert junk/malicious stuff into connection or (b) identify clients + monitor their activity

LMD wrote:BTW, such a connection would probably allow 3rds to (a) just insert junk/malicious stuff into connection or (b) identify clients + monitor their activity

Both is true when not encrypting the traffic.

LMD wrote:I am pretty sure I'm not a terrorist...
Boom !
BTW, such a connection would probably allow 3rds to (a) just insert junk/malicious stuff into connection or (b) identify clients + monitor their activity

I can suggest also certificates.

Without google:
1) Not encrypting the connection would make the server vulnerable to Denial Of Service attacks. If anybody asks "why", the short answer is "IP spoofing" and the long answer is very long. Yes, IP spoofing is still possible on the internet.
2) Encryption also makes it less feasable to disconnect other players by sending wrong pakets in their name. That means encryption stabilizes the connection between client and server.

Last but not least, what's happening between you and any server is nobody's business. Period.

Vapalus wrote:Without google:
1) Not encrypting the connection would make the server vulnerable to Denial Of Service attacks. If anybody asks "why", the short answer is "IP spoofing" and the long answer is very long. Yes, IP spoofing is still possible on the internet.
2) Encryption also makes it less feasable to disconnect other players by sending wrong pakets in their name. That means encryption stabilizes the connection between client and server.

Last but not least, what's happening between you and any server is nobody's business. Period.

Good arguments!

Reedych wrote:

Vapalus wrote:Without google:
1) Not encrypting the connection would make the server vulnerable to Denial Of Service attacks. If anybody asks "why", the short answer is "IP spoofing" and the long answer is very long. Yes, IP spoofing is still possible on the internet.
2) Encryption also makes it less feasable to disconnect other players by sending wrong pakets in their name. That means encryption stabilizes the connection between client and server.

Last but not least, what's happening between you and any server is nobody's business. Period.

Good arguments!

Not really. Saying "what's happening between you and any server is nobody's business" so we should encrypt is like saying that all building in Europe should resist magnitude 8 earthquakes. That's not really helpful.

Let me tell a little tale: for years, the package manager of the Emacs text editor was fetching the source of some packages from a wiki that was publicly editable. Anyone could have modified those packages without even having to sign in on the wiki. For those who don't know it, Emacs is feature-rich and relatively popular editor. By modifying a package, one could have easily wiped whole hard disks, or sent its contents to a server, or encrypted those files and asked for a ransom. But it never happened, as far as I know. It's only because of the recent misfortunes of package managers for really popular software that Emacs users became worried about this issue.

Security is more relevant today than it was years ago ! BTW, you wouldnt know if some hackers made some bad stuff, for example, copying all data...
SECURITY BY OBSCURITY IS NEVER A GOOD IDEA ! AND ENCRYPTION REALLY ISNT HARD !

Astrobe wrote:Saying "what's happening between you and any server is nobody's business" so we should encrypt is like saying that all building in Europe should resist magnitude 8 earthquakes. That's not really helpful.

Bad analogy. A better one is: “… is like saying ‘I’m not locking my door because there weren’t any burglars in my neighborhood so far’.”

The example I gave isn't for years ago; the popular Emacs package repo began to take action a few months ago.

"You never know" is the typical FUD one finds when security is discussed online. Aside from script kiddies and other annoyances, real bad guys are looking for profits for their efforts in creating, dissimulating and spreading their malware.

There's very little to be gained from eavesdropping a Minetest connection. Even tampering with it is probably not worth it. There's certainly more to gain from setting up honeypot servers that would exploit some vulnerabilities of the clients to perform remote code execution.

Encryption isn't hard... For those who don't have to implement it. As a starting point, do you have suggestions about which multi-platform encryption library one could use?

But it's less about difficulty than about computer resources. Some people run Minetest on small devices, and encryption isn't free. Beyond CPU cycles, it's also more bytes exchanged on the wires and longer connection times because of key exchange.

Linuxdirk wrote:

Astrobe wrote:Saying "what's happening between you and any server is nobody's business" so we should encrypt is like saying that all building in Europe should resist magnitude 8 earthquakes. That's not really helpful.

Bad analogy. A better one is: “… is like saying ‘I’m not locking my door because there weren’t any burglars in my neighborhood so far’.”

This analogy is pretty common but is actually terrible, because it doesn't balance risks and costs. Not locking your door is a risk you take, but you gain next to nothing from it.

Astrobe wrote:This analogy is pretty common but is actually terrible, because it doesn't balance risks and costs. Not locking your door is a risk you take, but you gain next to nothing from it.

You mean nothing except random people who can walk in and stealing my stuff and don’t even need to break anything for that?

No. I was talking about the gain associated with the risk taken, you are talking about the loss associated with the risk taken. Of course your analogy is designed in such a way that the hope of gain is 0 at best. It is terrible because it is often used in situations where this is not the case (see my previous post about what we gain from not encrypting our traffic and add to it the fact that when a dev works on it, they don't work on gameplay-related features). It is used to play on the aversion people naturally have against risk and uncertainty.

I am convinced our fellow devs would manage to switch to some network traffic encryption library in less than a week.
It's nothing new, therefore there are multiple good choices, such as SSL : http://info.ssl.com/article.aspx?id=10241

Astrobe wrote: Not really. Saying "what's happening between you and any server is nobody's business" so we should encrypt is like saying that all building in Europe should resist magnitude 8 earthquakes. That's not really helpful.

And the rest of the arguments?
You disapprove of something I didn't even use as an actual argument but as a booster, and try to counter the real arguments by talking about something off topic in a way that has not much to do with encryption.
So, what does an opensource concept of some editor have to do with the network security of a server? It sounds very far fetched up to now.

And, to counter the only thing those two have in common:
Even if most people are nice people, I wouldn't give some stranger my car keys.
Even if I'm sure this piece of road is straight, I wouldn't drive blindfolded.
Even if nobody is driving that highway right now, I wouldn't let my children play on it.

Most people are actually nice people, who want to help, that is true. But if there is nothing to prevent people from breaking into systems, all those nice people will be terrorized by one stupid guy. That's definitely not worth the risk, because it gives those power who don't deserve it.

C'mon guys ... are we really discussing whether encryption is good or bad?

It is ALWAYS good. A connection that is not encrypted lacks an important security feature. No matter if the encryption is used to transfer positional data for an online game or checking the bank account.

Minecraft does not use encryption. The fact that is does not use it makes it less secure. There is nothing to discuss, that is a fact. The issue can only be solved by encrypting the connection.

The communication should be encrypted as it avoids MITM attacks, but in real terms it's not going to be that big of an issue as Minetest isn't that common and becoming a MITM is hard without being on the same network. TL;DR: I'm in favour but it's not as bad as an issue as you say it is.

Linuxdirk wrote:It is ALWAYS good.

There is actually an exception to this - aptitude repositories are served over HTTP because it allows the creation of local mirrors, and is no less secure because packages are signed. Using HTTPs wouldn't be any more private as you could find out the package using the size.

LMD wrote:I am convinced our fellow devs would manage to switch to some network traffic encryption library in less than a week.
It's nothing new, therefore there are multiple good choices, such as SSL : http://info.ssl.com/article.aspx?id=10241

This is a protocol, not a library. OpenSSL is a library. Furthermore, SSL is over TCP while Minetest, as far as I know, uses UDP.

rubenwardy wrote:aptitude repositories are served over HTTP because it allows the creation of local mirrors,

Arch Linux allows creating local repositories, too. And it also supports HTTPS repositories. Your argument is invalid.

Vapalus wrote:

Astrobe wrote: And, to counter the only thing those two have in common:
Even if most people are nice people, I wouldn't give some stranger my car keys.
Even if I'm sure this piece of road is straight, I wouldn't drive blindfolded.
Even if nobody is driving that highway right now, I wouldn't let my children play on it.

Of course nobody would take risks for nothing. If you refuse to go beyond this argument level, there's no point in talking. Please someone at least attack my argument on the overhead encryption introduces.