Welcome to the Second Life Forums Archive

easiest/secure input method

Deanfred Brandeis
one who programs
Join date: 20 Aug 2006
Posts: 20
11-21-2006 13:22
I'm writing a script that requires the user to input sensitive information, and I'm trying to determine the method that 1) is easiest for the user, 2) is the most secure (in this context, mostly invulnerable to eavesdropping), and 3) keeps SL playable for me.

The methods I know of are:

- Say on channel 1: This is probably the easiest method available, but it is also the least secure. Any script or person within range can hear it.
- Say on random channel: This is also fairly easy for most users (with explicit instructions), but it is very vulnerable to eavesdropping. Any script in range could be listening on any/all channels and hear this input. While a completely thorough eavesdropping script would cause significant lag on the sim (at least according to the LSL Wiki), I don't want to exclude the possibility of being overheard by such a script. The load impact of listening may one day drop.
- Start an IM to me: This is fairly easy and also fairly secure. I don't believe even something like copybot could intercept this traffic. My only hesitation about this is that I may get bombarded with IMs. I don't know if this would be feasible, especially if I want to continue to use IMs for casual chatting.
- Drop a notecard: This is fairly cumbersome for the user (create a new notecard, edit it, save it, drop it somewhere) and not horribly secure. A copybot-like client may be able to intercept the notecard if it gets dropped or put in the wrong place--or even in transit; I don't know.

So, any ideas? It sure would be nice if LSL provided a free-text input dialog--especially if it were encrypted (even with a modest algorithm).
Joannah Cramer
Registered User
Join date: 12 Apr 2006
Posts: 1,539
11-21-2006 13:33
From: Deanfred Brandeis
Any script in range could be listening on any/all channels and hear this input. While a completely thorough eavesdropping script would cause significant lag on the sim (at least according to the LSL Wiki), I don't want to exclude the possibility of being overheard by such a script.

There are ~4300 million channels which you can use to transmit the data. Since scripts are limited to something like 64 listen() filters, it'd take over 67 million scripts to indeed cover all possible channels.

While eavesdropping is possible, the practical application is somewhat unfeasible o.O;

edit: depending on what data you're trying to transmit, another option could perhaps be to allow the user to enter data through a number- or letter-oriented dialog or attachment, and send it by email once it's complete...
Newgate Ludd
Out of Chesse Error
Join date: 8 Apr 2005
Posts: 2,103
11-21-2006 13:50
As Joannah states, it is highly unlikely that you will be eavesdropped on, especially if you use new random channels for each and every dialog.

You could always supply a form of encryption by using randomised keys instead of the real options on the dialog? Use Text to display the mapping and then let the user choose. The dialog keys could be randomly generated for each dialog on a per user basis.

EDIT: This is similar to what Joannah proposed I think?

From: Deanfred Brandeis
So, any ideas? It sure would be nice if LSL provided a free-text input dialog--especially if it were encrypted (even with a modest algorithm).



EDIT: I realise now you did say encrypted in your post, my apologies.
Any freetext input in this way would still be transmitted via a channel to the script so you would gain nothing.

What would be useful would be some way of obscuring / encrypting ALL dialog chat, such that what was displayed on the dialog buttons was encrypted automatically before being transmitted over the channel and then had to be decrypted when you received it.
This could probably be automated using the UUID of the script as the key.
Deanfred Brandeis
one who programs
Join date: 20 Aug 2006
Posts: 20
11-21-2006 14:38
From: Joannah Cramer
There are ~4300 million channels which you can use to transmit the data.


Is this simply the upper limit of the integer data type? In that case, using llFloor(llFrand(...)) for every listen, I think I could consider it an acceptable risk.

From: Joannah Cramer
edit: depending on what data you're trying to transmit, another option could perhaps be to allow the user to enter data through a number- or letter-oriented dialog or attachment, and send it by email once it's complete...


I think that would be rather infeasible for the amount of data I need a user to enter, but not a bad idea with very short strings.
Joannah Cramer
Registered User
Join date: 12 Apr 2006
Posts: 1,539
11-21-2006 14:44
From: Deanfred Brandeis
Is this simply the upper limit of the integer data type?

Pretty much, the channel number is a 32-bit signed int if I recall right. The wiki has the exact values for both the lower and upper end ^^;
Newgate Ludd
Out of Chesse Error
Join date: 8 Apr 2005
Posts: 2,103
A thought
11-21-2006 14:45
You could get the object to IM the client telling them which channel to use; this would then allow freetext input to a degree.
Deanfred Brandeis
one who programs
Join date: 20 Aug 2006
Posts: 20
11-21-2006 14:45
From: Newgate Ludd
You could always supply a form of encryption by using randomised keys instead of the real options on the dialog?


Well, I need the user to be able to enter in free text. A button dialog simply won't do in this case.

From: Newgate Ludd
EDIT: I realise now you did say encrypted in your post, my apologies.
Any freetext input in this way would still be transmitted via a channel to the script so you would gain nothing.


Well, a random channel within the full range of possible channels may be an acceptable risk.

From: Newgate Ludd
What would be useful would be some way of obscuring / encrypting ALL dialog chat, such that what was displayed on the dialog buttons was encrypted automatically before being transmitted over the channel and then had to be decrypted when you received it. This could probably be automated using the UUID of the script as the key.


The UUID of the script wouldn't be a good key because it's easy to discover. But using something like a Diffie-Hellman key exchange with 512-bit RSA keys might be feasible, even in LSL. I seem to remember a script in the other scripting forum that does DHKE. Now if I can find a small function that does RSA (possible? I don't know) or a similar lightweight PKC algorithm, I might be set. The thing that worries me about this potential solution is ending up with a script that takes forever, is too big, and/or uses cryptographic functions that were poorly written in LSL.
Deanfred Brandeis
one who programs
Join date: 20 Aug 2006
Posts: 20
11-21-2006 14:59
I found a few scripts out there that might help with this:

Here's an RSA script that the author says is slow:
/15/6e/146463/1.html

Diffie-Hellman Key Exchange:
/15/57/98941/1.html

Encryption Library/Emailer:
/15/c2/13580/1.html

I can't vouch for any of these, but they seem to be a good place from which to start. I'm not even sure it's worth the effort to encrypt with so many channels to talk on, though.
Newgate Ludd
Out of Chesse Error
Join date: 8 Apr 2005
Posts: 2,103
11-21-2006 15:16
From: Deanfred Brandeis
The UUID of the script wouldn't be a good key because it's easy to discover.



Not sure that's true. I don't think you cannot get the UUIDs of no-mod items in objects, otherwise ppl would be able to copy scripts just by getting the UUID.
Ziggy Puff
Registered User
Join date: 15 Jul 2005
Posts: 1,143
11-21-2006 15:19
I would cook up a new random channel number each time, IM that to the user, and tell them they have X seconds to enter the data in that channel. Note that users can't talk on negative channels, only objects can (and dialog boxes can too, I think, so in that sense it's sort-of like a user talking on a negative channel).
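The approach described in the post above (a fresh random channel, sent to the user by IM, open for a limited time), as an added LSL example that is not part of the original thread. `INPUT_WINDOW`, the channel range and the message wording are assumptions chosen for illustration.

```lsl
// Added example (not from the thread): one-shot input on a fresh random channel.
// INPUT_WINDOW, the channel range and the message wording are assumptions.
float   INPUT_WINDOW = 60.0;  // seconds the listener stays open
integer gHandle = 0;          // current listen handle, 0 = none
key     gUser   = NULL_KEY;   // avatar we are waiting on

closeListener()
{
    if (gHandle) llListenRemove(gHandle);
    gHandle = 0;
    gUser   = NULL_KEY;
    llSetTimerEvent(0.0);
}

default
{
    touch_start(integer n)
    {
        if (gHandle) return;               // one input session at a time
        gUser = llDetectedKey(0);
        // Avatars can only chat on positive channels; stay well below the
        // 32-bit signed maximum so the float-to-integer cast cannot overflow.
        integer channel = 1 + (integer)llFrand(2000000000.0);
        // Filter on the toucher's key: chat from anyone else on this channel is ignored.
        gHandle = llListen(channel, "", gUser, "");
        // The channel number goes out by IM, never in open chat.
        llInstantMessage(gUser, "Type /" + (string)channel + " followed by your text within "
            + (string)((integer)INPUT_WINDOW) + " seconds.");
        llSetTimerEvent(INPUT_WINDOW);
    }

    listen(integer channel, string name, key id, string message)
    {
        closeListener();                   // the channel is used once, then discarded
        // Process 'message' here; acknowledge by IM and never echo it to chat.
        llInstantMessage(id, "Received " + (string)llStringLength(message) + " characters.");
    }

    timer()
    {
        if (gUser != NULL_KEY) llInstantMessage(gUser, "Input window closed.");
        closeListener();
    }
}
```

The text typed on the channel is still unencrypted chat; what this limits is how long the listener exists and how predictable the channel is, and the key filter keeps other speakers from feeding input to the script.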
Gattz Gilman
Banned from RealLife :/
Join date: 29 Feb 2004
Posts: 316
11-21-2006 15:27
You could always fabricate a HUD keyboard so that all data is entered there, and then send the data through email to the receiving object (llEmail).
Jesse Barnett
500,000 scoville units
Join date: 21 May 2006
Posts: 4,160
11-21-2006 15:37
The methods being discussed would assure more than a reasonable amount of security. But I did a lot of research into security a couple of months ago. IMs are secure, easy and can't be intercepted unless maybe a Linden wanted to intercede. And I am not sure if even then. I don't understand the argument against using them that you presented. No matter which way you go, there would still be the same amount of traffic. What is the difference if you are hit by a lot of IMs or a lot of chat? I have a large friends list and can have 4 or 5 IMs stack up as soon as I log on. The other IMs interfere less with the person I am talking to than a lot of chat coming in.
_____________________
I (who is a she not a he) reserve the right to exercise selective comprehension of the OP's question at anytime.
From: someone
I am still around, just no longer here. See you across the aisle. Hope LL burns in hell for archiving this forum
Deanfred Brandeis
one who programs
Join date: 20 Aug 2006
Posts: 20
11-22-2006 07:16
From: Jesse Barnett
IMs are secure, easy and can't be intercepted unless maybe a Linden wanted to intercede.


I agree with this, and while thinking about it last night (and remembering one of the Town Hall meetings), it occurred to me that as a premium member, I may have one free alt account available. Can anyone confirm this? If so, I could simply use that alt account to receive those IMs. Any potential IM stacking insanity would never happen because I would (almost) never be online with the alt.

Barring implementing a PKE infrastructure in SL or doing a symmetric key exchange, I think this is the best way to go.
Lee Ponzu
What Would Steve Do?
Join date: 28 Jun 2006
Posts: 1,770
External web site
11-22-2006 08:55
Send the user to an external secure web site to enter the data, and then retrieve it from that database.
Deanfred Brandeis
one who programs
Join date: 20 Aug 2006
Posts: 20
11-29-2006 09:55
From: Lee Ponzu
Send the user to an external secure web site to enter the data, and then retrieve it from that database.


Uhm, yeah, I had never, ever, thought of that. Problem is that this puts a huge wedge in the user experience. If they never have to leave SL, then I have a better chance of completing the sale. I can always give them the option to go to a website.