Complete.Org: Mailing Lists: Archives: freeciv-dev: May 2004:
[Freeciv-Dev] Re: (PR#8839) pingtime is insecure

[Freeciv-Dev] Re: (PR#8839) pingtime is insecure

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]

To:	jdorje@xxxxxxxxxxxxxxxxxxxxx
Subject:	[Freeciv-Dev] Re: (PR#8839) pingtime is insecure
From:	"Raimar Falke" <i-freeciv-lists@xxxxxxxxxxxxx>
Date:	Fri, 28 May 2004 06:15:34 -0700
Reply-to:	rt@xxxxxxxxxxx

<URL: http://rt.freeciv.org/Ticket/Display.html?id=8839 >

On Tue, May 25, 2004 at 05:44:06PM -0700, Jason Short wrote:
> 
> <URL: http://rt.freeciv.org/Ticket/Display.html?id=8839 >
> 
> The current pingtimeout can be easily fooled by the client:
> 
> - He can make it seem higher than it is by waiting before sending the pong.

Yes I know about this.

> - He can make it seem lower than it is by pre-emptively sending the pong.
> 
> The former is unavoidable, but doesn't give much advantage to the 
> player.  The latter is easily avoidable.  All we have to do is send a 
> signature with each ping and compare it against the reply.

YES. Lets cryptographically sign all ping packets.

Sorry couldn't resist.

        Raimar

-- 
 email: rf13@xxxxxxxxxxxxxxxxx
 "Just because you put a flag on the moon doesn't make it yours, it just
  puts a hole in the moon."

[Prev in Thread]

Current Thread

[Next in Thread]

[Freeciv-Dev] Re: (PR#8839) pingtime is insecure, Christian Knoke, 2004/05/26
- [Freeciv-Dev] Re: (PR#8839) pingtime is insecure, Raimar Falke <=

Prev by Date: [Freeciv-Dev] Re: (PR#8841) warning when compiling with NDEBUG
Next by Date: [Freeciv-Dev] Re: (PR#8844) CMA bug
Previous by thread: [Freeciv-Dev] Re: (PR#8839) pingtime is insecure
Next by thread: [Freeciv-Dev] new Simplified CHinese localization
Index(es):
- Date
- Thread