Warzone 2100 Forums

Recently I updated and rebuilt only to have a problem because some part of warzone seemed to need Elliptic Curve cryptography support from openssl.

I'm using Fedora 18 and its openssl seems to be adapted for export restrictions. EC and ECDSA are not enabled. It was exceedingly difficult to recompile openssl in such a way that it worked on my system both for Warzone and all my other applications. Openssl is not easy to build anyhow but the complications of supporting a distribution mean that you have to build it from the RPM spec file with a lot of patches and the changes that are needed are quite complex and even then I had to do a partial "bodge" job so that I can't just redistribute the SPEC.

So I was just wondering if EC was really all that critical because it turns WZ from an easy build into a nightmare, at least for me.

Regards,

Tim

Disabling EC/ECDSA is utterly ridiculous, it's just basic algebra... Reason for choosing EC was for a small signature size.

Maybe something like

Requiring EC in Warzone will make certain Linux distros stop distributing the game, even if we bundle our own copy of OpenSSL...

What about disabling EC for those with certain Linux distros, then? (People with those distros would then not be able to verify the player ID of other players, and would not have player IDs themselves.)

Fine with me.

Just a guess but...

I suspect this problem comes from some whacked-out United States policies on cryptography. According to the International Traffic in Arms Regulations (ITAR), certain types of strong cryptography are (or were) classified as munitions and therefore come under export controls.

IIRC, SourceForge asks some questions about crypto when registering projects so they don't run afoul of US (and possibly international?) law. It would not surprise me if other project hosting services had similar issues.

Disabling EC for certain distros seems to be forgetting the point of why we want to do this in the first place.

GitHub says their home base is in San Francisco, California which suggests they come under US export laws. I just sent a message to their support team asking about this.

Note that the Warzone2100 codebase doesn't do any EC stuff, it just makes some calls to OpenSSL, and as far as the Warzone2100 code knows, it could actually be doing ROT13.

I am sure that fedora has the NSA seal of approval!

P.S. Plc, fgbc gryyvat crbcyr jr hfr ebg13 gb rapbqr fghss, vg jnf fhccbfrq gb or n frperg!

Does https://github.com/Cyp/warzone2100/commits/master work without openssl/ec.h? If so, feel free to push d515c8b2ce6867caf4268c0221db3631264ddb37 to mainline.

Obviously, they still won't be able to see when a player ID is being spoofed, but everyone else in the game will be able to, and they won't have their own player ID, either. It would also be possible to allow 224-bit DSA as an alternative to 224-bit ECDSA, but it would probably take longer to implement it than it would take to crack it.

Thanks for the latest update. I removed my custom-build of openssl and reinstalled the distro defaults.

I then cleaned, reconfigured and rebuilt Warzone. Everything worked perfectly. Thank you very very much!

Just to follow up:

I asked the GitHub folks if they had any restrictions on projects involving crypto.
Short answer: No

We don't have any restrictions on the type of projects you host on GitHub, provided
+that they're in line with our Terms of Service:
+https://help.github.com/articles/github ... of-service

But if you do a quick search (https://github.com/search?q=crypto) you can find a lot of
+existing cryptography libraries.

I still think it would be nice to use some reasonably secure (beyond rot13!), but fully available methods for the user IDs.