Cryptography - An Introduction

Merrok

Cryptography Basics


Since I see lots of wrong assumptions about what IT-Security actually is and how it is practiced, I thought I'd write a "small" thread on the topic to help you make your OT and personal data more secure.

Please be aware that I will just talk about basics and not go deeper into the matter. You are welcome to ask or google (or duckduckgo) for further information on certain topics.

Let's start with some basics. I know it's boring theory, but you will need to know this to understand further explanations.

Security goals

Core security goals: CIA
  • Confidentiality: Protection of unauthorized retrieval of Information
  • Integrity: Protection of unauthorized modification of data
  • Availability: Protection of unauthorized disturbance of the usability of functions
Additional goals
  • Accountability: Proof of the originality of the identity of the subject/object¹
  • Authenticity: Protection of unallowed denial of performed actions
  • Privacy: Anonymity; Securing the untraceability; Protection of personal data
Encryption & Hashing
Encryption and Hashing often get mixed up. In the following I will explain Encryption and Hashing as well as differences between those.

Encryption
Explanation: An encryption algorithm maps a plaintext to a ciphertext. The point of encryption is to ensure confidentiality. Without the key to decrypt the message, it is basically impossible to get the plaintext out of the ciphertext. Now there are 2 types of encryption: symmetric encryption and asymmetric encryption.

Symmetric Encryption
Symmetric encryption has one key to encrypt and the same to decrypt. This key must be held secret for the purpose of third parties being unable to decrypt your message. An example for a symmetric encryption is AES. It is the standard symmetric algorithm and used in many protocols like TLS, WPA2 or SSH. I will not go deeper into the matter since I do not think it is relevant at this point.

Asymmetric Encryption
Asymmetric encryption works with a public and a private key. The public key's purpose is to encrypt the plaintext and only the private key is able to decrypt the message. So the private key must be kept secret while the public key can be sent to the partner so he is able to encrypt the message.
Examples would be RSA, DH or ECC.
ECC (Elliptic Curves) are a very good alternative to the normal suspects of asymmetric encryption. Algorithms based on ECC can be way smaller for the same amount of security. For example, a 2048Bit key in RSA has the same level of security as a 224Bit key in ECC.
I will dedicate a post of its own just to the topic of RSA, since it is the algorithm used to secure the Tibia connection and I will go deeper into the mathematics behind it.
I know it might be annoying to have a different RSA key for every server and therefore (so far) a different client per OT, but it is a necessary effort to make the ot scene more secure.

Hashing
A hashing algorithm maps a plaintext to a hash. Its purpose is to ensure the integrity and authenticity. There are different algorithms to hash text. The most known are MD5, SHA1, SHA2 and now even SHA3. The most common ones are sadly still SHA1 and MD5. Those are old, broken and cracked. They are outdated and should not be used anymore. You might as well transfer your data in plaintext if you use those. Instead you should always use a SHA2 (SHA256 or SHA512) or even a SHA3 algorithm.
Salt
Salts are texts that are added to passwords so that attackers have no possibility to use the information even if they get the hashed password. It also makes rainbow table attacks impossible since a hashed password like "password123" is not going to be the hash it would usually be, but a different one with the added salt. Use salt on your ot!

Signatures
Signing your messages gives you the possibility of ensuring accountability. Signatures are usually done using the asymmetric private key and verified using the public key. You sign your message using the key so that your partner knows the message was sent by you and no one else.

SSL (TLS)
Now on this topic we will really only scratch the surface since it is quite complicated when we go into the technological part of it. TLS is the more advanced version of the well known SSL, which is basically not supported anymore. It is what you know by https instead of http.
Its purpose is to secure the connection between a website and its users. It uses different algorithms to negotiate the most secure connection possible, make sure the user is who he says he is and only hand out the information allowed to be given to the user. Its security goals are integrity and confidentiality. It is a very important feature to have on your website and easy to implement.
For a few years now, big companies have gathered together to make the Internet more secure and support Let's Encrypt in their work of handing out free TLS Certificates to any website. So use their service and protect your website and its users!
If you use it, please also make sure to enforce the https use and redirect any http requests to https.


¹objects are assets that are worth being protected; subjects are active units allowed to use objects
 
RSA
Now we are going to talk about RSA, this is gonna be a little bit more complicated since I'm going to explain the mathematics behind it.

First of all some definitions:
  • p & q are big prime numbers
  • n is the rsaModulus n=pq
  • x is the plaintext
  • y is the cryptotext
  • e is the public key
  • d is the private key
  • Zn ϵ {0,1, ... , n-1}
  • k is just a number you'll get and use in step 5 but is irrelevant for the encryption
Preparation
  1. Choose 2 large, secret prime numbers p and q (>512Bit, better >2048Bit)
  2. Calculate the rsaModulus n = pq , n is going to be public
  3. Calculate φ(n) = (p-1)(q-1)
  4. Choose public exponent e ϵ {1,2,...,φ(n)-1} so that gcd(φ(n), e) = 1
  5. Calculate the private exponent d, so that ed+kφ(n) = gcd(φ(n), e) = 1 using the extended euclidean algorithm

The Encryption
You got the plaintext x and the public key (n, e)
Encryption E(x,e) = x^e mod n = y with x,y ϵ Zn

The Decryption
You got the cryptotext y and the private key d
Decryption D(y,d) = y^d mod n = x


Problems
Now this is textbook RSA, but is it actually secure? Well kinda. First of all it is really complicated choosing "good" prime numbers. Signing with RSA alone is quite insecure though since once the plaintext of x1 and x2 as well as their signatures are known it is possible to produce a valid signature without knowledge of d. (x1·x2)^d = sig1·sig2 mod n = sig3. The solution to that is using a hash algorithm in combination with RSA.
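
Added example (not part of the original post): the preparation, encryption, decryption and the signature problem from the post above, written out in Python. The two primes are public Mersenne primes chosen only so the demo runs, and the messages and function names are constructed for this illustration.

```python
import hashlib

# Constructed toy primes (public Mersenne primes, NOT secret; demo only).
P, Q = 2**61 - 1, 2**89 - 1

def egcd(a, b):
    """Extended Euclid: return (g, s, t) with s*a + t*b == g == gcd(a, b)."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        quot = a // b
        a, b = b, a - quot * b
        s0, s1 = s1, s0 - quot * s1
        t0, t1 = t1, t0 - quot * t1
    return a, s0, t0

def keygen(p, q, e):
    """Preparation steps 2-5: return (n, e, d) with e*d + k*phi(n) == 1."""
    n, phi = p * q, (p - 1) * (q - 1)
    g, d, _k = egcd(e, phi)
    if g != 1:
        raise ValueError("e must satisfy gcd(phi(n), e) == 1")
    return n, e, d % phi

def encrypt(x, e, n):      # E(x, e) = x^e mod n
    return pow(x, e, n)

def decrypt(y, d, n):      # D(y, d) = y^d mod n
    return pow(y, d, n)

def digest(x, n):
    """SHA-256 of the integer message, reduced into Zn."""
    raw = x.to_bytes((n.bit_length() + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n

def forgery_demo():
    """Return (raw forgery verifies, hashed forgery verifies)."""
    n, e, d = keygen(P, Q, 65537)
    x1, x2 = 1234567, 7654321           # constructed messages
    x3 = x1 * x2 % n
    # Raw signing: sig = x^d mod n, so the product of two signatures
    # is a valid signature on the product of the two messages.
    forged = pow(x1, d, n) * pow(x2, d, n) % n
    raw_ok = pow(forged, e, n) == x3
    # Hash first: sig = H(x)^d mod n. The same product is now a signature
    # on H(x1)*H(x2), which is not H(x3), so verification fails.
    forged_h = pow(digest(x1, n), d, n) * pow(digest(x2, n), d, n) % n
    hashed_ok = pow(forged_h, e, n) == digest(x3, n)
    return raw_ok, hashed_ok
```

`forgery_demo()` returns `(True, False)`: the combined signature verifies against raw RSA and is rejected once the message is hashed before signing.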
 
A few additional tips to protect your data

Passwords:

Always use different passwords and always use complicated ones. I know it is a pain in the ass but it is necessary these days and there are tricks to keep your passwords rememberable but secure at the same time. For instance, if you want to be able to remember your passwords, use small tricks: if you are born in the year 2000 and like nike, don't add that simply to your password; you can for example add it in a hidden way like "N@!kE2*10e3". It might seem random, but it is not. To be able to remember all your different passwords simply use a password management software, protected by a password and with encrypted storage.

Social Engineering
Whilst you can ensure that your technology is relatively safe, the biggest vulnerability is still the human being. Do not give your login data to anyone; no company or OT for that matter will ever ask you for your login data. Do not click links any random person sends you. Do not trust a phone caller who tells you there is a problem with your $software and you need to do certain stuff they tell you to do. Never leave your PC unlocked and unwatched. An attack takes about 2 seconds. Believe me, I've done it.
In short: do not trust anyone!

Keep your OS updated
Always use the latest Long Time Support, stable version of software. Most viruses or worms do not work on the latest version of your operating system since it has already been patched. Some exploits are even patched before the virus itself is written. There are very few unpatchable exploits and even those get blocked using a different way, even though that oftentimes causes loss of performance.

EU-GDPR, Safe Harbour
I thought of talking about the EU-GDPR and the Safe Harbour Privacy Shield as well, but I think it's best if you simply do the research on those yourself. They are important to know about though.


I have been inactive in this community for about a decade and in this time IT-Security in the Internet has changed a lot, but it does not seem to change quite enough here. Following simple procedures makes your OT as well as your personal data a lot more secure, so I appeal to your sense of reason: use TLS, use your own encryption key for your server, use up to date hashing algorithms, use secure passwords and all in all, use the knowledge you have just gathered to make the Internet a more secure place for everyone. :)
 
Two years since and I still don't see any development.
Basically all OTservers are still using sha1. Outdated, not supported, and easy to brute force. Might as well not hash at all then.
At least a bigger amount of servers now use SSL (TLS) and encrypt their website traffic. But it is still not enough by far.
Setting the hash algorithm in the corresponding config files is not exactly rocket science. Just do it.
I have written a tutorial on how to use TLS, but you don't even have to use this. There are tons of better tutorials out there than mine. It is not an OT specific topic. You can just use Cloudflare as well if you want to. They make it really easy to do so.
Due to custom content, we do see more custom clients. That's a good thing, but only as long as they also use their own encryption key. Without this a man-in-the-middle attack and also other attacks are a lot easier. So also implement this. It is not a big effort, especially if you are already using a custom client; your players do not have any additional effort.
 
> Basically all OTservers are still using sha1.
Sadly that's the only hashing algorithm that the TFS master branch supports. There was a PR that implements new algorithms, but that hasn't gone anywhere yet: Create a hashing backend for multiple algorithms by ranisalt · Pull Request #2148 · otland/forgottenserver (https://github.com/otland/forgottenserver/pull/2148)

I'll inquire about the status of it, since most people probably aren't qualified enough to handle user data in a proper way, and then having a weak algorithm doesn't make that any better, if they manage to get their database leaked.
 
> Sadly that's the only hashing algorithm that the TFS master branch supports. There was a PR that implements new algorithms, but that hasn't gone anywhere yet: Create a hashing backend for multiple algorithms by ranisalt · Pull Request #2148 · otland/forgottenserver (https://github.com/otland/forgottenserver/pull/2148)
>
> I'll inquire about the status of it, since most people probably aren't qualified enough to handle user data in a proper way, and then having a weak algorithm doesn't make that any better, if they manage to get their database leaked.
Actually didn't know that. I just remembered years ago there being attempts and options to use SHA2. So I just assumed it was possible for a long time already.
My fault for not looking into that. Thank you for pointing it out.
Sadly that doesn't make it any better since it actually is an important topic and this community lacks any kind of security.
That includes educating server owners in the field so they do know how to handle data. I guess most people don't want to bother, don't know why this should be done, or just don't care. The whole internet had this issue like a decade ago. Luckily most communities by now have a decent understanding of it and its importance.
 
Author of that PR here. I will give it some love in the next couple of days, but proper password security implies slow algorithms, so we will need to rework how the TFS scheduler works too, otherwise we are stuck with quick algorithms such as SHA1.

Note that theoretical attacks on SHA1 assume that you have the hash in hand first, and with a proper password your database will not leak, and you are not vulnerable to collision attacks. Besides that, if one has access to your database, you probably have more problems than a couple of hacked players. But it's a security flaw nonetheless.
 
> Author of that PR here. I will give it some love in the next couple of days, but proper password security implies in slow algorithms, so we will need to rework how the TFS scheduler works too, otherwise we are stuck with quick algorithms such as SHA1.
That would be great. Thank you a lot. Yeah, there will always be issues like this. It has always been a tradeoff between usability and security. But at some point, it is irresponsible not to switch in my opinion. Seeing as TFS is an unfinanced open-source project (to my knowledge, correct me if I'm wrong), of course it takes someone willing to put in the work in a specific area like this. So it's awesome if you are.
> Note that theoretical attacks on SHA1 assume that you have the hash in hand first, and with a proper password your database will not leak, and you are not vulnerable to collision attacks. Besides that, if one has access to your database, you probably have more problems than a couple of hacked players. But it's a security flaw nonetheless.
That is very true. But the safety net is still good. And after all, even anyone with access to the database should not be able to simply read every password (basically setting SHA1 equally with plaintext here now, even though it technically isn't).
Equally with MitM attacks of course. But there we have completely other problems as mentioned :(
 