Elliptic Curve Cryptography

For code related discussions and questions
Post Reply
tnmurphy
New user
Posts: 4
Joined: 01 Apr 2012, 13:24

Elliptic Curve Cryptography

Post by tnmurphy »

Recently I updated and rebuilt only to have a problem because some part of warzone seemed to need Elliptic Curve cryptography support from openssl.

I'm using Fedora 18 and its openssl seems to be adapted for export restrictions. EC and ECDSA are not enabled. It was exceedingly difficult to recompile openssl in such a way that it worked on my system both for Warzone and all my other applications. Openssl is not easy to build anyhow but the complications of supporting a distribution mean that you have to build it from the RPM spec file with a lot of patches and the changes that are needed are quite complex and even then I had to do a partial "bodge" job so that I can't just redistribute the SPEC.

So I was just wondering if EC was really all that critical because it turns WZ from an easy build into a nightmare, at least for me.

Regards,

Tim
Cyp
Evitcani
Evitcani
Posts: 784
Joined: 17 Jan 2010, 23:35

Re: Elliptic Curve Cryptography

Post by Cyp »

Disabling EC/ECDSA is utterly ridiculous, it's just basic algebra... Reason for choosing EC was for a small signature size.

Maybe something like

Code: Select all

#ifdef INSANE_DISTRO
 bundle_OpenSSL_library()
#endif
Per
Warzone 2100 Team Member
Warzone 2100 Team Member
Posts: 3780
Joined: 03 Aug 2006, 19:39

Re: Elliptic Curve Cryptography

Post by Per »

Requiring EC in Warzone will make certain Linux distros stop distributing the game, even if we bundle our own copy of OpenSSL...
Cyp
Evitcani
Evitcani
Posts: 784
Joined: 17 Jan 2010, 23:35

Re: Elliptic Curve Cryptography

Post by Cyp »

What about disabling EC for those with certain Linux distros, then? (People with those distros would then not be able to verify the player ID of other players, and would not have player IDs themselves.)
Per
Warzone 2100 Team Member
Warzone 2100 Team Member
Posts: 3780
Joined: 03 Aug 2006, 19:39

Re: Elliptic Curve Cryptography

Post by Per »

Fine with me.
stiv
Warzone 2100 Team Member
Warzone 2100 Team Member
Posts: 876
Joined: 18 Jul 2008, 04:41
Location: 45N 86W

Re: Elliptic Curve Cryptography

Post by stiv »

Just a guess but...

I suspect this problem comes from some whacked-out United States policies on cryptography. According to the International Traffic in Arms Regulations (ITAR), certain types of strong cryptography are (or were) classified as munitions and therefore come under export controls.

IIRC, SourceForge asks some questions about crypto when registering projects so they don't run afoul of US (and possibly international?) law. It would not surprise me if other project hosting services had similar issues.

Disabling EC for certain distros seems to be forgetting the point of why we want to do this in the first place.
stiv
Warzone 2100 Team Member
Warzone 2100 Team Member
Posts: 876
Joined: 18 Jul 2008, 04:41
Location: 45N 86W

Re: Elliptic Curve Cryptography

Post by stiv »

GitHub says their home base is in San Francisco, California which suggests they come under US export laws. I just sent a message to their support team asking about this.
Cyp
Evitcani
Evitcani
Posts: 784
Joined: 17 Jan 2010, 23:35

Re: Elliptic Curve Cryptography

Post by Cyp »

Note that the Warzone2100 codebase doesn't do any EC stuff, it just makes some calls to OpenSSL, and as far as the Warzone2100 code knows, it could actually be doing ROT13.
User avatar
vexed
Inactive
Inactive
Posts: 2538
Joined: 27 Jul 2010, 02:07

Re: Elliptic Curve Cryptography

Post by vexed »

I am sure that fedora has the NSA seal of approval! ;)

P.S. Plc, fgbc gryyvat crbcyr jr hfr ebg13 gb rapbqr fghss, vg jnf fhccbfrq gb or n frperg!
/facepalm ...Grinch stole Warzone🙈🙉🙊 contra principia negantem non est disputandum
Super busy, don't expect a timely reply back.
Cyp
Evitcani
Evitcani
Posts: 784
Joined: 17 Jan 2010, 23:35

Re: Elliptic Curve Cryptography

Post by Cyp »

Does https://github.com/Cyp/warzone2100/commits/master work without openssl/ec.h? If so, feel free to push d515c8b2ce6867caf4268c0221db3631264ddb37 to mainline.

Obviously, they still won't be able to see when a player ID is being spoofed, but everyone else in the game will be able to, and they won't have their own player ID, either. It would also be possible to allow 224-bit DSA as an alternative to 224-bit ECDSA, but it would probably take longer to implement it than it would take to crack it.
tnmurphy
New user
Posts: 4
Joined: 01 Apr 2012, 13:24

Re: Elliptic Curve Cryptography

Post by tnmurphy »

Thanks for the latest update. I removed my custom-build of openssl and reinstalled the distro defaults.

I then cleaned, reconfigured and rebuilt Warzone. Everything worked perfectly. Thank you very very much!

:-)
stiv
Warzone 2100 Team Member
Warzone 2100 Team Member
Posts: 876
Joined: 18 Jul 2008, 04:41
Location: 45N 86W

Re: Elliptic Curve Cryptography

Post by stiv »

Just to follow up:

I asked the GitHub folks if they had any restrictions on projects involving crypto.
Short answer: No
We don't have any restrictions on the type of projects you host on GitHub, provided
+that they're in line with our Terms of Service:
+https://help.github.com/articles/github ... of-service

But if you do a quick search (https://github.com/search?q=crypto) you can find a lot of
+existing cryptography libraries.
I still think it would be nice to use some reasonably secure (beyond rot13!), but fully available methods for the user IDs.
Post Reply