Encryption in SL

Hey scripters, I just searched lslwiki for encryption in scripts

but it seems there are only to ways

use XOR with a unique key for every transaction
OR
use very weak RSA

the first case is verry hard because you need unique keys for every transaction, wich seems verry hard to pull of in SL script
the second case can be cracked by anyone with access to a botnet in hours


how do those money terminals encrypt their transactions?


i need something that is at least as secure as 128bit RSA

is this possible at all?

What you need depends on what you're trying to do exactly. Where are you sending the information to and from, or is the encryption for storage? What is the nature of the information (both encoding, eg, string, integer, and content, eg US$ transfer instructions, L$ transfer instructions etc)?

If you're communicating with a trusted site outside LL using HTTP, you can always just specify an https URL, and let LL do the encryption.

it's for HTTP and XML-RPC communication

I tought i read you need a SSL certificate from a standard thrusted source witch is not an option in my budget (yet).

the communication will transfer L$ commands so it has to be absolutly secure


i need to know for sure tranfer commands come from my server

offcoarse i could verify every xml-rpc call with an HTTP request, but the laggy nature of SL makes this hard to implement reliably.
and then you are still vurnerable to DNS poisioning



or am i missing something here?

You can issue a self-signed certificate. I'm not sure if LL will accept that or not, but it'd be fairly simple to test. Bear in mind that a self-signed certificate will protect against eavesdropping, but not man-in-the-middle attacks.

Before you go any further, you need to decide on your threat model. Who do you expect to try and intercept or modify your communications, and what resources do they have available? The only people who can spy on or modify an HTTP request between your object and your server are LL, and anyone between them and your server. That's generally a pretty limited set of people, and I'd say the risk from that is pretty low.

It sounds like your main issue is verifying that an xmlrpc command to one of your objects originated from your server. The easiest way to do this is with a cryptographic primitive called an HMAC. A simple implementation works like this:

- When the server sends a message, it takes the MD5 hash of the message text. It then appends a secret key, known only to it and your objects, and takes the MD5 hash of that. It appends this hash to the message and sends it.
- When the object receives the message, it cuts off the MD5 hash from the end and stores it. It then performs the same procedure as above, with the same secret key, and compares the resultant hash to the one it received from the server. If they match, the message was sent by someone that knows your secret key (eg, only your server, hopefully).

Edit: Also bear in mind that the above is still vulnerable to replay attacks. If you believe your attacker might get hold of a message and hash, they could send it again. If the message is simply 'transfer L$1000 to the attacker', they could replay it over and over to get as much money as they wanted. If this is a risk (probably not, realistically), you need to add some sort of timestamp or transaction identifier to the message so you can tell if you've received it before.

http://lslwiki.com/lslwiki/wakka.php?wakka=llHTTPRequest

The HTTP_VERIFY_CERT parameter can be set to FALSE to allow self signed certificates. For additional security you can use the various HTTP headers. Checking X-SecondLife-Owner-Key against your avatars key is a good start

yess how could i forget about MD5 signing

ans sindce the sim would have crashed before you could complete a brute force attack lolz

i guess i am spoiled by using Reindael/AES for intraserver communications



thx guys, i am still in my risk analysis phase, i have a good idea what's posible now

Aye, strong encryption in LSL is basically nonexistant. I implemented a pretty fast XTEA algorithm, but it still was taking 8-10 seconds (in a non-laggy sim) to encrypt and 6-8 seconds to decrypt a 100-character message. Not real useful for real applications.

Yes, I use MD5 signing for my security, as most security doesn't need obscurity, just authenticity. The information itself is not sensitive, but it must be authentic.

I have been working on an optimized version of an RSA port to LSL.
https://lists.secondlife.com/pipermail/secondlifescripters/2006-November/000180.html

It's been put on the back burner while I write my own LSO compiler

One caveat: This will prevent other objects in SL sending fraudulent requests, but won't preclude someone writing a simple program to submit fraudulent requests from outside SL.