DDraceNetwork - developer

heinrich5991: I don't think we particularly need a cryptographically secure hash, not like the attacker is crafty enough to perform an attack on something like metrohash

01:51

If you disagree though, blake2 is like 2x faster then sha256. Or maybe we could do AES, that should be very well optimized and very secure against known plaintext attacks so we could just encrypt the address with the seed

01:52

Though aes is very well optimized, I'm not quite sure how much the overhead would be for small data like this. Maybe the initialization and the finishing of the algorithm could overwhelm the actual algorithm

01:52

I guess it needs a benchmark to be sure

@Learath2 did u change any physics? part on j2 not working

Since when?

idk last a few days

1 week ago it worked

Definitely not in the week

mhm

What is the part?

u free now?

its from the bug where u bug through tiles with your tee with infinity speed

he wont understand ur explanation xd

Huh, didn't touch tile skipping in months

14:21

Except for stoppers a while ago

14:21

But thats been more then a week ago

ok we figured out this specific part works only with weak

@Jesus Christ kinda busy with something else, I can check it out at night

14:22

Oh good

yea, aes sounds good

I think we should not forego security for this; a non-cryptographic checksum might be enough, e.g. one that is also used for protection against hashmap collision attacks

i did it bois xxD

16:41

16:43

much wowo much hack client

16:46

oh nvm the ddnet++ server is broken nvm bois xxxxD dont tell anyone that its vulnerable

16:50

oooh now i got it... its a local server thing. You can't get banned on your local server so you have unlimited rcon trys greenthing

200 iq move

ban

1 month and half till python 2 dies

17:12

yea crazy ikr

17:26

i can imagine there is a lot of exploitable software when python2 gets the first CVE in 2020

@heinrich5991 there are a lot of hashes that are non cryptographic but have excellent statistical properties, we could use any of those or aes

Maybe we can get away with crc32, it's very well optimized in hardware, but it's not secure at all

Can someone explain me why there are no hacks for teeworlds? In some egoshooters for example you were able to moonjump. Why its not possible to manipulate hook length or sth like that?

Wdym this game full of bugs and bots lol

@el EX the client just sends the inputs and the server has the full control over what actually happens. Only games that give the client permission to have control over the game are vulnerable to this.

20:57

I do not know why other games accept such variables like jump speed from the client. Probably some naive closed src games with lazy devs.

2

Ok thank you very much.

@ChillerDragon trusting the client usually gives you a "better" netcode. E.g. if you shoot someone on your screen, as the server trusts that you shot them, your shots will always count

isnt the same reproducable with client side prediction without sacraficing all security aspekts

You can do your best to predict, but at the end, it's just that, a prediction

21:35

But that also comes with a penalty, if your ping is high enough, someone can shoot you without ever getting out of cover on your screen