Minetest 2-factor Authentication Service[mt2fa]

sofar
Developer
 
Posts: 1768
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Minetest 2-factor Authentication Service[mt2fa]

by sofar » Sun Jan 07, 2018 08:27

For the past weeks I have been working on an idea to solve several issues that currently exist due to the way minetest handles usernames and passwords, and I've made a solution that I will be sharing with everyone:

Minetest 2-Factor Authentication Service

This service consists of a mod and a backend that together create a 2-factor authentication service. This service creates a way for players, and for server owners, to create "trust" that can be verified. This "trust" is created by providing an email address, and this email address will be used by the service to confirm that the person who wants to interact (login, change IP address of the server, etc.) is actually in control of that email address.

Together, this allows server owners to verify that returning players are actually who they say they are, and players can verify that they're actually logging in on the correct server. If changes occur, for instance, the server changes IP address, then all transactions are on hold for that server until the server owner confirms the IP address.

Servers becomes a trusted thing. A server owner needs to register their server with the service, before they can have players register or authenticate. If the server changes IP addresses, the server owner will need to confirm this change.

Persons can register from any trusted server using an email address. This links the playername on that server to their identity. The email address is not stored on the game server, but will only be sent to the -factor server. Once the person confirms the identity, it can be used on other servers, and even on the same gameserver again for other player accounts.

Players become trusted on every server due to their connection to the registered Identity. This allows a person to have many identities, either on the same or on different servers.

Interactions:

The game server, the 2-factor service (from here on: mt2fa) interact through HTTPS. In general, events on the game server cause the sending of requests to the mt2fa service. If required, the player or server owner will sent an email with a confirmation token that they need to "click". This sends another HTTPS message back to the mt2fa service that the request is legitimate and confirmed. Meanwhile the game server sees the confirmation and the requested data is exchanged and the required changes are made.

In this way, the following things can happen:

- the game server owner registers the server
- the game server owner confirms an IP address change for a registered server
- the player registers their identity
- the player connects their identity to a playername on a specific game server
- the player authenticates on a specific game server
- the game server inquires whether a player must authenticate or not

What happens next is up to the server owner. They can decide to "enforce" or not:

- the server can require registration of users - either for all users, or for some, or for none
- the server can require authentication of users- either for all users, or for some, or for none

But, the player also gets to choose and force the server if they want to:

- if registration is not required for a user, they can still register themselves
- if authentication is not required for a user, they can still force the server to authenticate them

If registration or authentication is required for a player, or requested by themselves explicitly, they must complete this before a grace period expires, otherwise they will be removed from the server. During the grace period, the player will not have any player privs, and, if any of the interactions fail, the player will be removed from the server.

You can see that some server owners would make registration required for all players for instance, or authentication required for moderators and players with special privileges!

As of now, I have planned several more features:

- allowing a player to reset their passwords on a server, without interaction of the server owner
- allowing a player to change their email for their identify.
- allowing a server owner to change the email for their registered server.

Why am I writing this?

- some way to create a level of trust that allows players to say "it's really me" and having an actuall way to verify that, will certainly help some servers to open up to more players from the internet.
- some way for players to stay in control over their accounts on servers, prevent account sharing and borrowing and just being a little bit more careful with it.
- some way for players to recover a lost password without interaction, in a safe and validated way.
- a way for server owners to show the same level of trust - players can now verify and know that server owners also have to confirm their identity, and so there's a way to spot "stolen" server identities.

Are you using this yourself?

No. I do not intend to enable this for my own server. The server I run does not suffer from most of the problems that this is intended to solve due to its unique nature. I may change my mind in the future but for now I don't see a reason to.

How do I enable this or use this?

I have deployed a public instance of the mt2fa service. I will run this service and everyone is free to use it for the purposes shown above. I will also post a server `mod` that allows your server to use all the functionality listed above, and all the code (including all the server code) so that you can verify what it does, and help me develop it further.

You can run your own mt2fa instance, but I would not recommend it, as this would make things more complex for players, since then they would have identifies on several mt2fa servers. However, I won't stop you from doing this.

I will maintain and keep maintained the mt2fa public instance. You and anyone running a minetest server can use it as long as you want.

What about privacy?

I will post a privacy policy soon. It will be reasonable, there will be no sharing of any personal data, email etc. unless required by law. We will not post any specific data but we will monitor usage and make statistics available but not anything with personal data (emails).

Show me the code already!

This is the part you want for your server:

Minetest server mod Project: https://github.com/sofar/mt2fa
License: ISC
Dependencies: none
Archive download: https://github.com/sofar/mt2fa/archive/master.zip

You don't need this, you can, and probably should, use the public mt2fa server URL instead:

MT2FA Service daemon Project: https://github.com/sofar/mt2fa-server
License: ISC
Dependencies: nginx or apache,
Archive download: https://github.com/sofar/mt2fa-server/archive/master.zip
(Binaries for x86_64 linux will be posted at a later stage).
 

sofar
Developer
 
Posts: 1768
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Discussion rules

by sofar » Sun Jan 07, 2018 08:27

Please remember:

- if you're not going to use this on a server, you don't have to
- you can run your own instance of the mt2fa service

also:

- if you hate this, please, just don't reply
- if you have criticism, try to remain open minded and keep the discussion from derailing

your cooperation is appreciated and will keep the discussion constructive and enjoyable.
 

User avatar
rnd
Member
 
Posts: 207
Joined: Sun Dec 28, 2014 12:24
IRC: ac_minetest
In-game: rnd

Re: Minetest 2-factor Authentication Service[mt2fa]

by rnd » Sun Jan 07, 2018 10:34

It appears to be: minetest server uses http lua api to send http request to your local go application which listens to http request and then sends/receives https request to next target. Good to see some
useful code for making https servers.

I searched a little and there seems to be https for lua too: https://github.com/brunoos/luasec/wiki

about using crypto schemes: https://security.stackexchange.com/ques ... ll-our-own
Last edited by rnd on Mon Jan 08, 2018 10:47, edited 1 time in total.
 

User avatar
sorcerykid
Member
 
Posts: 863
Joined: Fri Aug 26, 2016 15:36
Location: Illinois, USA
GitHub: sorcerykid
In-game: Nemo

Re: Minetest 2-factor Authentication Service[mt2fa]

by sorcerykid » Sun Jan 07, 2018 17:29

I'll give you credit, as this is certainly is a noble concept, in principle. However, it doesn't really improve trust nor security since there is no guarantee that personal data being collected and stored by a third party (one which has no certification for handling such data) cannot be compromised or otherwise mishandled.

I think it's one thing for a single service to request confidential information for use exclusively by that service, but entirely another to create a central agency of sorts that uses confidential information to authenticate across a variety of disparate services. That is a whole different can of worms. The link rnd shared is an apt concern as well. Just some thoughts.
 

User avatar
rubenwardy
Moderator
 
Posts: 5545
Joined: Tue Jun 12, 2012 18:11
Location: United Kingdom
GitHub: rubenwardy
IRC: rubenwardy
In-game: rubenwardy

Re: Minetest 2-factor Authentication Service[mt2fa]

by rubenwardy » Sun Jan 07, 2018 17:43

For 2FA, it's much better to implement TOTP. This allows a server to have 2FA without depending on any other servers. There is a UX issue with this - most authenticator apps allow you to manually enter a code, but a QR code is more user friendly. You could potentially implement QR codes using formspecs or texture modifiers, but that probably prove to be difficult.

Allowing a third-party server to reset passwords seems like a bad idea to me. Email verification is also slow and annoying - although is not so bad if you can just click a link
 

sofar
Developer
 
Posts: 1768
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: Minetest 2-factor Authentication Service[mt2fa]

by sofar » Sun Jan 07, 2018 23:27

rnd wrote:Until i see source my only comment will be: https://security.stackexchange.com/ques ... ll-our-own


Sources posted. I didn't create any crypto. The service is using HTTPS encryption for exchanges. The only thing the daemon does is create "cookies" and "tokens" which are generated using random data and are 192bits. Since they aren't made using any known factors, I consider that secure enough for the purposes. The tokens by themselves also do not have any intrinsic value, a token can't give you anything. by itself.
 

sofar
Developer
 
Posts: 1768
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: Minetest 2-factor Authentication Service[mt2fa]

by sofar » Sun Jan 07, 2018 23:38

rubenwardy wrote:For 2FA, it's much better to implement TOTP.

Allowing a third-party server to reset passwords seems like a bad idea to me. Email verification is also slow and annoying - although is not so bad if you can just click a link


TOTP would increase the security of the authentication, but do nothing for server owners to know that their players are actually people who are willing to convey their email address instead of being purely anonymous.

This project doesn't exist to make people purely anonymous, the goal is actually for everyone to certify themselves using their email address to show everyone that they're not going to do bad things.

What you are thinking of is therefore something completely different. Not useless, just very different.

The way this project works is that server owners and players all put something verifyable into a central hat(the service daemon) and everyone can check eachother, through an open and traceable service. TOTP doesn't provide any additional trust other than "this is the same person as the last time" but not "this person can actually be traced to a human with an email address".

Having a password reset capability that doesn't require an admin seems like a reasonable functionality to me. After all everything is verified and nobody except the person holding the account can initiate a password change. Would you want server owners to do this for all of their players? They have no way to even verify that the player is who they say they are right now, and without being able to log in (TOTP won't solve this) they can't prove anything.
 

sofar
Developer
 
Posts: 1768
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: Minetest 2-factor Authentication Service[mt2fa]

by sofar » Sun Jan 07, 2018 23:45

sorcerykid wrote:I'll give you credit, as this is certainly is a noble concept, in principle. However, it doesn't really improve trust nor security since there is no guarantee that personal data being collected and stored by a third party (one which has no certification for handling such data) cannot be compromised or otherwise mishandled.

I think it's one thing for a single service to request confidential information for use exclusively by that service, but entirely another to create a central agency of sorts that uses confidential information to authenticate across a variety of disparate services. That is a whole different can of worms. The link rnd shared is an apt concern as well. Just some thoughts.


The only personal data that the 2fa service collects are:

- email address of the server owner
- email address of the player/person

this is needed to verify that requests to the service are validated. No other "personal" data is recorded, and that wouldn't make any sense. Note that I don't consider "player names", "server IP addresses" or "times of interaction with the server" necessily "personal" data as it's entirely public that when you play minetest online that anyone could record those pieces of information.

RND thinks I wrote crypto. I didn't. I use HTTPS to convey the email address between the game server and the mt2fa service. It is used to send emails using TLS (587) connections, so even that is done using secure industry practices.

Last, you can run your own mt2fa-server, and remove your last objections against a "central" service. Of course, this would make things more complex for players, but that's up to people like you who run servers to decide.
 

sofar
Developer
 
Posts: 1768
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: Minetest 2-factor Authentication Service[mt2fa]

by sofar » Sun Jan 07, 2018 23:49

I just posted all the code. I'll be working on a setup guide for the mod, as it isn't entirely trivial just yet. I will assume people will be using the server I deployed for testing purposes in the mean time. The setup code for the mod will go into the `readme.md` of the mod project.
 

User avatar
rnd
Member
 
Posts: 207
Joined: Sun Dec 28, 2014 12:24
IRC: ac_minetest
In-game: rnd

Re: Minetest 2-factor Authentication Service[mt2fa]

by rnd » Mon Jan 08, 2018 11:22

updated my top comment. More long term idea, requires 1 trusted point ( i assume server list page is trusted), also works transparently in background, no need for any 'mail verify' - basically it emulates ideas from https:

1. make 'certificate authority' that issues server certificates ( basically public keys from 'public cryptography, private key is sent to server owner). List of those public keys can then be made freely accessible - on server list maybe.

2. when you connect to server client sends to server random challenge to digitally sign by server and then checks the signature using servers public key. If signature valid - this verifies server is who it says it is.

3. same thing could be done for client ( server checks authenticity of client )

4. This wouldnt be 'required' to play, only unchecked servers would then be marked with 'unchecked' on serverlist. Also note that this doesn't reveal any useful info to either client or server, but it does verify each party authenticity.

5. if you worry about that 1 authority going rogue, use several of them and then you get something like: 7 of 10 authorities say this guy is ok...
 

sofar
Developer
 
Posts: 1768
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: Minetest 2-factor Authentication Service[mt2fa]

by sofar » Mon Jan 08, 2018 18:32

rnd wrote:updated my top comment. More long term idea, requires 1 trusted point ( i assume server list page is trusted), also works transparently in background, no need for any 'mail verify' - basically it emulates ideas from https:

1. make 'certificate authority' that issues server certificates ( basically public keys from 'public cryptography, private key is sent to server owner). List of those public keys can then be made freely accessible - on server list maybe.

2. when you connect to server client sends to server random challenge to digitally sign by server and then checks the signature using servers public key. If signature valid - this verifies server is who it says it is.

3. same thing could be done for client ( server checks authenticity of client )


Those are good ideas, and similar to TOTP as rubenwardy proposed, however, they avoid the "the player has to provide something of value" benefit. Essentially, what you propose could live alongside this project. The choice for this project to rely on email was on purpose. It also avoids doing crypto entirely. What you want extensively relies on crypto as well, which poses additional risks.
 

dawgdoc
Member
 
Posts: 232
Joined: Mon Feb 27, 2017 01:10
GitHub: dawgdoc

Re: Minetest 2-factor Authentication Service[mt2fa]

by dawgdoc » Tue Jan 09, 2018 06:29

Sofar,

Would the mt2fa permit email filters? What I am specifically referring to is allowed by gmail and other providers and is seen in the form of username+someword@domain.com for a person whose true email address is "user@domain.com". This is something I almost universally do when registering for a site and wish to monitor the source of new emails.
 

sofar
Developer
 
Posts: 1768
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: Minetest 2-factor Authentication Service[mt2fa]

by sofar » Tue Jan 09, 2018 07:03

dawgdoc wrote:Would the mt2fa permit email filters? What I am specifically referring to is allowed by gmail and other providers and is seen in the form of username+someword@domain.com for a person whose true email address is "user@domain.com". This is something I almost universally do when registering for a site and wish to monitor the source of new emails.


The way I'm implementing it allows this by design. The emails that are provided become only active after we've successfully used them to verify the identiy, and so as long as they work, things like `+` characters are OK.
 

sofar
Developer
 
Posts: 1768
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: Minetest 2-factor Authentication Service[mt2fa]

by sofar » Wed Jan 10, 2018 07:15

I've squashed a few more bugs and debugged the 'only registration required' codepaths, making this now ready for use in servers where people want to deploy it in these lighter settings.

Make sure to regularly update the mt2fa lua mod as that's where most of the bug fixes will end up going into. In the future, I'll have the server send update notifications to game servers.
 

Gundul
Member
 
Posts: 358
Joined: Thu Aug 27, 2015 10:55
Location: Europe/Asia
GitHub: berengma
IRC: Gundul

Re: Discussion rules

by Gundul » Wed Jan 10, 2018 19:55

sofar wrote:Please remember:

- if you hate this, please, just don't reply
- if you have criticism, try to remain open minded and keep the discussion from derailing



You can not imagine how I hate this! You can censor my post a hundred times more if you like.
Any kind of identification or double identification in the minetest universe is a total waste of time
and energy in my opinion. It is only a game. And censorship and identification in places where it
is not needed at all is the beginning of the end.
 

sofar
Developer
 
Posts: 1768
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: Discussion rules

by sofar » Wed Jan 10, 2018 19:57

Gundul wrote:You can not imagine how I hate this! You can censor my post a hundred times more if you like.
Any kind of identification or double identification in the minetest universe is a total waste of time
and energy in my opinion. It is only a game. And censorship and identification in places where it
is not needed at all is the beginning of the end.


You were shitposting before.

Now you've actually made some argument, although it's still completely garbage, and you haven't read the code, nor tried to keep an open mind, nor did you bring any reasonable new viewpoint to the table.

So, go ahead, and continue to behave like an idiot some more.
 

Gundul
Member
 
Posts: 358
Joined: Thu Aug 27, 2015 10:55
Location: Europe/Asia
GitHub: berengma
IRC: Gundul

Re: Discussion rules

by Gundul » Wed Jan 10, 2018 20:34

sofar wrote:You were shitposting before.

Now you've actually made some argument, although it's still completely garbage, and you haven't read the code, nor tried to keep an open mind, nor did you bring any reasonable new viewpoint to the table.

So, go ahead, and continue to behave like an idiot some more.



Long time ago when I was young people used to say an idiot is someone who disallow someone to say his opinion. Nevertheless if shitpost or not. It is not up to you to decide.
There is no identification needed. That is what I think about it.
 

sofar
Developer
 
Posts: 1768
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: Discussion rules

by sofar » Wed Jan 10, 2018 20:58

Gundul wrote:Long time ago when I was young people used to say an idiot is someone who disallow someone to say his opinion. Nevertheless if shitpost or not. It is not up to you to decide.
There is no identification needed. That is what I think about it.


You're entitled your opinion. You're not entitled to shitposting. You were shitposting.

And again, you contribute nothing to the discussion, and you're now 100% effective in derailing this discussion. Congratulations, you are now censoring ME.
 

sofar
Developer
 
Posts: 1768
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: Minetest 2-factor Authentication Service[mt2fa]

by sofar » Wed Jan 10, 2018 21:00

I'm no longer going to read this thread. Anyone who wants to discuss it, you're welcome to do this on the github project. Shitpost all you fucking want in here. I give up.
 

User avatar
GreenDimond
Member
 
Posts: 1196
Joined: Wed Oct 28, 2015 01:26
Location: A place
GitHub: GreenXenith
IRC: GreenDimond
In-game: GreenDimond

Re: Minetest 2-factor Authentication Service[mt2fa]

by GreenDimond » Wed Jan 10, 2018 21:11

*sigh*
I wish some people weren't absolute morons.

I quite like this idea, could solve many problems.
My YuTube channel | I moderate the HOMETOWN Server. | Click here to see my (5) mods!
 

User avatar
sorcerykid
Member
 
Posts: 863
Joined: Fri Aug 26, 2016 15:36
Location: Illinois, USA
GitHub: sorcerykid
In-game: Nemo

Re: Minetest 2-factor Authentication Service[mt2fa]

by sorcerykid » Sun Jan 14, 2018 17:13

Hopefully we can get this discussion back on track. Obviously a lot of time was spent on this project, and whether it's a viable solution or not I don't know. But it would be interesting to at least see where it goes.
 

sofar
Developer
 
Posts: 1768
Joined: Fri Jan 16, 2015 07:31
GitHub: sofar
IRC: sofar
In-game: sofar

Re: Minetest 2-factor Authentication Service[mt2fa]

by sofar » Wed Jan 31, 2018 18:59

The server is up and running in production, and in use. I will be doing some small incremental changes to complete features such as password and email changes in the near future.

Given the recent amount of abuse that's been going on, maybe this project will be helpful for server owners.
 

User avatar
Lone_Wolf
Member
 
Posts: 1983
Joined: Sun Apr 09, 2017 05:50
Location: Hopefully very far from yours, snoop :P
GitHub: LoneWolfHT
IRC: Lone_Wolf
In-game: Lone_Wolf
 


Return to Minetest-related projects



Who is online

Users browsing this forum: No registered users and 1 guest