[crossfire] Steam Protocol Proposal
Pippijn van Steenhoven
pipbsd at gmail.com
Sat May 13 20:11:39 CDT 2006
Mark Wedel wrote:
> Now true public key can be used, with the player file storing one key,
> and the
> other being transmitted. That helps in the core dump/player analysis
> (that one key doesn't do any good), but doesn't help out much in the case
> of people sniffing - you just sniff what the client is sending to the
> server, and once again, hack your client to send that same byte sequence.
There is one thing not being thought about here, that is, that you can let
the server send a random sequence of bytes to the client, let it process
that and use the sequence in the server itself again to decode what the
client sent. That way, you cannot sniff and resend hashes because the sent
password will always be different.
Pippijn
More information about the crossfire
mailing list