| Pages: [1] 2 :: one page |
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Zenst
Aliastra
   |
Posted - 2010.01.23 21:02:00 -
[1]
One of the biggest bains in eve is the classic - our logs show nothing; This all eve players suffer at one stage or another and even though the server logs dont show a valid reason for the events, CCP by default leans towards it was fine approach and move along.
My proposal is a simple one, so simple that to not do it would mean CCP has something to hide.
Have another copy of log files on the client that are encrypted with a public key. CCP only will have the private key and by doing that you end up with local client log files that aint tampared with and will only go to help kill of the whole out logs show nothing area and as such make things alot easier for GM's and alot less stressful for the players.
Indeed its such a simple proposal I would go as far in saying to not do this would be indicative that CCP have something to hide, simple as that.
Oh and to counter the only gripe I forsee, encyrption takes cpu and the client would suffer. Have the option to have a 2nd encrypted log set optional, put the ball in the players court instead of some blackhole of a server log. Give the player the option to fight his own stress induced by such events.
As for the lazy I've bolded the jist - just say yes and do it.
Yes I know I'm a genius, just respect it and do this now.
|
Valandril
Caldari
Caldari Provisions
|
Posted - 2010.01.23 21:05:00 -
[2]
Don't we have eve logging tool already ? Or did ccp remove it ?
Feel free to fly with it turned on, but it will make your cpu sweat.
|
Zenst
Aliastra
|
Posted - 2010.01.23 21:07:00 -
[3]
 Originally by: Valandril
Don't we have eve logging tool already ? Or did ccp remove it ?
Feel free to fly with it turned on, but it will make your cpu sweat.
They dont accept those logs for petitions, do they. this is a simple solution to a large problem from the players perspective and would finaly crush the whole "our logs show nothing" area into the dusts of time. Simple as that.
|
yfz3r0
Caldari
State War Academy
|
Posted - 2010.01.23 21:13:00 -
[4]
I endorse this product and/or service.
|
Valandril
Caldari
Caldari Provisions
|
Posted - 2010.01.23 21:17:00 -
[5]
Originally by: Zenst
Originally by: Valandril
Don't we have eve logging tool already ? Or did ccp remove it ?
Feel free to fly with it turned on, but it will make your cpu sweat.
They dont accept those logs for petitions, do they. this is a simple solution to a large problem from the players perspective and would finaly crush the whole "our logs show nothing" area into the dusts of time. Simple as that.
If those logs don't work for petitions, then no other logging will.
|
Latex Underwear
|
Posted - 2010.01.23 21:18:00 -
[6]
Somebody was spamming a link to this thread in local. The OP is an idiot and I do not agree to anything he says.
|
WuSE
|
Posted - 2010.01.23 21:27:00 -
[7]
I also endorse this product and or service. So let it be written, so let it be done.
|
Conman
tr0pa de elite
Triumvirate.
|
Posted - 2010.01.23 21:31:00 -
[8]
sighned
"In a perfect world we would all be dead"
Official Tri Diplomat
"All Diplomacy Has Failed" |
Zenst
Aliastra
|
Posted - 2010.01.23 21:33:00 -
[9]
Originally by: Valandril
Originally by: Zenst
Originally by: Valandril
Don't we have eve logging tool already ? Or did ccp remove it ?
Feel free to fly with it turned on, but it will make your cpu sweat.
They dont accept those logs for petitions, do they. this is a simple solution to a large problem from the players perspective and would finaly crush the whole "our logs show nothing" area into the dusts of time. Simple as that.
If those logs don't work for petitions, then no other logging will.
OK allow me to explain.
Local client logs as they stand currently can be tampered with; THis is why CCP wont accept them.
My proposal would solve this whole area by having a copy of local logs that would not be tamperable and as such negate that whole area of CCP accepting said logs.
Does this explain it for you now?
|
Four Horsem4n
|
Posted - 2010.01.24 00:27:00 -
[10]
sighned
Finally somebody have a good idea about the biggest fail on CCP side
|
Raivi
Sniggerdly
Pandemic Legion
|
Posted - 2010.01.24 00:39:00 -
[11]
This is an excellent idea. Simple, secure and I wish I thought of it.
Very much signed.
---------------------------------------------
|
Vulor
Beyond Divinity Inc
|
Posted - 2010.01.24 00:51:00 -
[12]
Did I get this right?
You say that eve client should create 2 types of client logs, one plain text, and another encrypted with public key. This means that the public key is stored on your computer somewhere in the client. So what will stop you from extracting the key from client and creating your own encrypted logs with it?
The only advantage is that you can't see the encrypted logs without private key.
But you already have plain text logs. This also makes it vulnerable to plain text attack.
--
No sig today! |
Valandril
Caldari
Caldari Provisions
|
Posted - 2010.01.24 00:53:00 -
[13]
Originally by: Zenst
Originally by: Valandril
Originally by: Zenst
Originally by: Valandril
Don't we have eve logging tool already ? Or did ccp remove it ?
Feel free to fly with it turned on, but it will make your cpu sweat.
They dont accept those logs for petitions, do they. this is a simple solution to a large problem from the players perspective and would finaly crush the whole "our logs show nothing" area into the dusts of time. Simple as that.
If those logs don't work for petitions, then no other logging will.
OK allow me to explain.
Local client logs as they stand currently can be tampered with; THis is why CCP wont accept them.
My proposal would solve this whole area by having a copy of local logs that would not be tamperable and as such negate that whole area of CCP accepting said logs.
Does this explain it for you now?
If it's local - it can and it will be broken and no company will actualy refund anything based on something that is so easy to manipulate by customer and people WILL abuse it to insane level. If you will find a way to make system that will provide info to 3rd party where user won't be able to tamper with it - you will prolly win a nobel prize.
But till then, we will have to leave with "our logs show nothing" excuse.
|
Zenst
Aliastra
|
Posted - 2010.01.24 01:04:00 -
[14]
Originally by: Vulor
Did I get this right?
You say that eve client should create 2 types of client logs, one plain text, and another encrypted with public key. This means that the public key is stored on your computer somewhere in the client. So what will stop you from extracting the key from client and creating your own encrypted logs with it?
The only advantage is that you can't see the encrypted logs without private key.
But you already have plain text logs. This also makes it vulnerable to plain text attack.
You wrong about the whole encryption process, allow me to explain public/private aka PKI encyrption in its simplest form.
The public key is used to encyrpt, it cant decrypt the file, only the private key which only CCP will have will allow that. As such you can't tamper with those logs at all.
Hope that clears things up I'd link a wiki but I shan't insult your google prowness.
|
Vulor
Beyond Divinity Inc
|
Posted - 2010.01.24 01:07:00 -
[15]
Originally by: Zenst
You wrong about the whole encryption process, allow me to explain public/private aka PKI encyrption in its simplest form.
The public key is used to encyrpt, it cant decrypt the file, only the private key which only CCP will have will allow that. As such you can't tamper with those logs at all.
Hope that clears things up I'd link a wiki but I shan't insult your google prowness.
I still have the public key and can encrypt anything I want. Original logs, tampered logs, whatever.
--
No sig today! |
Wrhaistek Zhelocomeir
|
Posted - 2010.01.24 01:14:00 -
[16]
Signed
|
Zenst
Aliastra
|
Posted - 2010.01.24 01:14:00 -
[17]
Originally by: Valandril (I SNIPPED LOADS OF PYRAMIDS) If it's local - it can and it will be broken and no company will actualy refund anything based on something that is so easy to manipulate by customer and people WILL abuse it to insane level. If you will find a way to make system that will provide info to 3rd party where user won't be able to tamper with it - you will prolly win a nobel prize.
But till then, we will have to leave with "our logs show nothing" excuse.[/quote
No third party is required for this. heck can even have checksums in the log files(encrypted version) but bottom line you wont be decrypting them and if you could you would probably be in the wrong job and have alot of offers from many many goverments.
Its just a simple, elegant solution to what has been a bain of eve players since eve began. This would address it and also offer CCP a way to even reduce server loads, reduce petition times (could be more automated and certainly be less ply in the ones we have).
It realy is that simple, we dont have to live with out logs show nothing and yet the locals ones do any more with this approach.
|
Valandril
Caldari
Caldari Provisions
|
Posted - 2010.01.24 01:17:00 -
[18]
Originally by: Zenst
Originally by: Valandril
If it's local - it can and it will be broken and no company will actualy refund anything based on something that is so easy to manipulate by customer and people WILL abuse it to insane level. If you will find a way to make system that will provide info to 3rd party where user won't be able to tamper with it - you will prolly win a nobel prize.
But till then, we will have to leave with "our logs show nothing" excuse.
No third party is required for this. heck can even have checksums in the log files(encrypted version) but bottom line you wont be decrypting them and if you could you would probably be in the wrong job and have alot of offers from many many goverments.
Its just a simple, elegant solution to what has been a bain of eve players since eve began. This would address it and also offer CCP a way to even reduce server loads, reduce petition times (could be more automated and certainly be less ply in the ones we have).
It realy is that simple, we dont have to live with out logs show nothing and yet the locals ones do any more with this approach.
You really have no experience with cracking groups eh ?
|
Zenst
Aliastra
|
Posted - 2010.01.24 01:26:00 -
[19]
Originally by: Vulor
Originally by: Zenst
You wrong about the whole encryption process, allow me to explain public/private aka PKI encyrption in its simplest form.
The public key is used to encyrpt, it cant decrypt the file, only the private key which only CCP will have will allow that. As such you can't tamper with those logs at all.
Hope that clears things up I'd link a wiki but I shan't insult your google prowness.
I still have the public key and can encrypt anything I want. Original logs, tampered logs, whatever.
I see were what your saying but the addition of checksums per log line in the encyrpted verion would add a level of counter to that, also lets face it if somebody wants to pull eve client apart enough to work that out then there would be alot more things to worry about. There are many many ways but, heck MS SQL server so flawed I can think of easier avenues of attack if you were realy intent of abusing eve. Its also entirely possible to obfiscate the key in the code, heck otherwise I could see blackberry connect devices open to the same issue, indeed blackberrys as a whole (again there server side weakest link there).
Also factor that the enyrpted logs although indicative of the logs you get would be easier in a shorthand so instead of having "hybrid 250 railgun II" it would just have a number entry, easier to process/encypt. Realy at this stage I'm looking for principle support on this issue to the stage CCP go , OK sounds interesting lets talk about it. Details can easily be ironed out and indeed alot of the details on how its imlemented would be internal to CCP's code fetish's. But all this wouldn't realy be much and indeed any good programmer could knock up a draft test of this in a few hours and then tweak from there.
So many ways to kill a cat but first you need to have a cat to kill. Lets get a cat.
|
Baxalusx
The Illuminati.
Pandemic Legion
|
Posted - 2010.01.24 01:27:00 -
[20]
good idea.
|
Zenst
Aliastra
|
Posted - 2010.01.24 01:31:00 -
[21]
Originally by: Valandril
Originally by: Zenst
Originally by: Valandril
If it's local - it can and it will be broken and no company will actualy refund anything based on something that is so easy to manipulate by customer and people WILL abuse it to insane level. If you will find a way to make system that will provide info to 3rd party where user won't be able to tamper with it - you will prolly win a nobel prize.
But till then, we will have to leave with "our logs show nothing" excuse.
No third party is required for this. heck can even have checksums in the log files(encrypted version) but bottom line you wont be decrypting them and if you could you would probably be in the wrong job and have alot of offers from many many goverments.
Its just a simple, elegant solution to what has been a bain of eve players since eve began. This would address it and also offer CCP a way to even reduce server loads, reduce petition times (could be more automated and certainly be less ply in the ones we have).
It realy is that simple, we dont have to live with out logs show nothing and yet the locals ones do any more with this approach.
You really have no experience with cracking groups eh ?
Wrong, and its down to brute force and encytpion flaws, want to talk elipticle its fine by me. No matter the level of crackers/skiddies its all about brute force and flaws in entropy. 1024bit 2048 bit.
Did you know that I personaly like prime numbers as a good prime is better than a larger number - take the classic windows password encyrption were a 7 (prime)char password was stronger than a 8 char password.
Anything can be pushed beyond the lifetime of the best super computers, its down to cost and time and lifetime of the encyrption and more to the point the key itself, nowt stopping it being changed more frequently than SSL certs are currently and thats exactly the same thing.
So please when you make brash cast off statements without content please quantify them a bit more so I can technicaly appease you beyond a long winded well yes actualy I do.
|
Future Mutant
Republic Military School
|
Posted - 2010.01.24 01:32:00 -
[22]
Wont work. When a gm says "our logs show nothing" odds are he didnt check. Thats just their nice way of saying shut the **** up ***** and stop bothering me.
|
Vulor
Beyond Divinity Inc
|
Posted - 2010.01.24 01:35:00 -
[23]
Originally by: Zenst
So many ways to kill a cat but first you need to have a cat to kill. Lets get a cat.
Basically current logging system can't be cracked because CCP won't accept ANY client logs. You are suggesting to move to a system that can be cracked (even if it's hard) and claim that it's better.
--
No sig today! |
Zenst
Aliastra
|
Posted - 2010.01.24 01:50:00 -
[24]
Originally by: Vulor
Originally by: Zenst
So many ways to kill a cat but first you need to have a cat to kill. Lets get a cat.
Basically current logging system can't be cracked because CCP won't accept ANY client logs. You are suggesting to move to a system that can be cracked (even if it's hard) and claim that it's better.
LOL, thats one way to put it, but yes though with the definition of hard being defined as there are far far far more profitable things to be attacking that use weak keys already - CHIP and PIN machines, dont get me started.
Yes you can argue that any level of enyption is mearly a stop gap and will eventualy be broken but its a time factor variable of which you can control with the level of encyption and indeed how long the key is valid for. As such its alot easier in some propriotary non standard software to change it more often than common used weaker levels of encyption used in every day usage.
If I took your approach I would never use SSL, PGP, non of that (well actyualy I wrote my own encyption software but thats another story not for these pages) but you know its a issue thats addresable within the realms of Eve in comparision to all the encyption used today on the web and on silly cashpoint cards with there 4 ISO track plastic magnetic cards offset PIN's stored on track 4 situations.
Realy wouldn't be hard to have the key session based, little more work but entirely doable, so many ways to address the newspaper paranoids. Play deveils advicate and you can at least agree this is a major step in the right direction in addressing the whole issue of logs upon the client side and server side not having enough logging, surely that is worth looking at overall.
Controlled exposure is better than blind exposure and when you control all the variables and not tied to having international standards hold you back (2g encryption lol - been cracked before y2k started though wasn't public - 56bit with padded 0's at start - was known by the non vandals, why I use 3G :). And not like they didn;t have a solution to that back then either.
Bottom line this is doable and in a secure way that would make it impossible to decypt said files in there useful lifetime - ever - period.
|
Zenst
Aliastra
|
Posted - 2010.01.24 01:57:00 -
[25]
Originally by: Future Mutant
Wont work. When a gm says "our logs show nothing" odds are he didnt check. Thats just their nice way of saying shut the **** up ***** and stop bothering me.
Yip I feel your pain, had some clasics but with this process alot fo log checking could be automated and avoid the whole 20 ply convo's with GM going our logs show nothing and you going then what do they show, rince repeat. If I had to read the number of petitioons GM's do I'm sure one missed coffee would ake me accidenty top read or indeed reply to a petition giving details of the previous petition i was working with. On friend even has tempplate replies to certain GM template replies, realy is rather sad state of affairs in many respect and its with this in mind that I propose this approach.
|
BlackHorizon
The Illuminati.
Pandemic Legion
|
Posted - 2010.01.24 02:45:00 -
[26]
Edited by: BlackHorizon on 24/01/2010 02:47:26
Nice idea, but I'm not sure if CCP has the personpower or improving customer service prioritized high enough to even consider implementing this idea. This would mean additional workload on already overworked and/or incompetent GMs.
|
Zenst
Aliastra
|
Posted - 2010.01.24 02:58:00 -
[27]
Originally by: BlackHorizon
Edited by: BlackHorizon on 24/01/2010 02:47:26
Nice idea, but I'm not sure if CCP has the personpower or improving customer service prioritized high enough to even consider implementing this idea. This would mean additional workload on already overworked and/or incompetent GMs.
Maybe your right with regards to CCP's motivation but at the GM level it would actualy make there life alot easier as having a client log to tie to a server log is alot easier than translating somebodies english into what to look at in some logs and going computer says no.
Also avoid the many ply levels in exaisting petitions as I outlined previously further up this page/thread. That in itself would reduce alot of the GM's workload with regards to loss petitions alone. If anything might actualy reduce the number of GM's needed, though I'm sure I'd like to see them underworked some first before that happens.
|
Stygian Knight
Pandemic Legion
|
Posted - 2010.01.24 03:00:00 -
[28]
signed
|
Valandril
Caldari
Caldari Provisions
|
Posted - 2010.01.24 08:48:00 -
[29]
Originally by: Zenst
Originally by: Valandril
Originally by: Zenst
Originally by: Valandril
If it's local - it can and it will be broken and no company will actualy refund anything based on something that is so easy to manipulate by customer and people WILL abuse it to insane level. If you will find a way to make system that will provide info to 3rd party where user won't be able to tamper with it - you will prolly win a nobel prize.
But till then, we will have to leave with "our logs show nothing" excuse.
No third party is required for this. heck can even have checksums in the log files(encrypted version) but bottom line you wont be decrypting them and if you could you would probably be in the wrong job and have alot of offers from many many goverments.
Its just a simple, elegant solution to what has been a bain of eve players since eve began. This would address it and also offer CCP a way to even reduce server loads, reduce petition times (could be more automated and certainly be less ply in the ones we have).
It realy is that simple, we dont have to live with out logs show nothing and yet the locals ones do any more with this approach.
You really have no experience with cracking groups eh ?
Wrong, and its down to brute force and encytpion flaws, want to talk elipticle its fine by me. No matter the level of crackers/skiddies its all about brute force and flaws in entropy. 1024bit 2048 bit.
Did you know that I personaly like prime numbers as a good prime is better than a larger number - take the classic windows password encyrption were a 7 (prime)char password was stronger than a 8 char password.
Anything can be pushed beyond the lifetime of the best super computers, its down to cost and time and lifetime of the encyrption and more to the point the key itself, nowt stopping it being changed more frequently than SSL certs are currently and thats exactly the same thing.
So please when you make brash cast off statements without content please quantify them a bit more so I can technicaly appease you beyond a long winded well yes actualy I do.
No it's not down to bruteforce and encryption flaws. Actualy this looks like "knownledge" from someone who read Dan Brown book and now he thinks that he knows everything about cryptography and cracking it because bruteforce never was and never will be an effective way to do anything. Especialy since there are better ways (why bother with breaking the crypy at all when you can just cut the crypt out of the program alltogether and then feed it with your own data ?).
But i guess that ineed my statements are without content, because you've read about supercomputers and bruteforcing and that makes you a guy with knownledge.
|
Vulor
Beyond Divinity Inc
|
Posted - 2010.01.24 12:01:00 -
[30]
Originally by: Valandril
No it's not down to bruteforce and encryption flaws. Actualy this looks like "knownledge" from someone who read Dan Brown book and now he thinks that he knows everything about cryptography and cracking it because bruteforce never was and never will be an effective way to do anything. Especialy since there are better ways (why bother with breaking the crypy at all when you can just cut the crypt out of the program alltogether and then feed it with your own data ?).
But i guess that ineed my statements are without content, because you've read about supercomputers and bruteforcing and that makes you a guy with knownledge.
QFT
--
No sig today! |
| |
|
| Pages: [1] 2 :: one page |
| First page | Previous page | Next page | Last page |