| Pages: 1 [2] :: one page |
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Ander
Gallente
Sniggerdly
Pandemic Legion
   |
Posted - 2010.01.24 14:18:00 -
[31]
Working as a security analyst I can see that this idea is flawed and hence won't sign this petition. (Sorry)
The flaw is that you will never be able to assure the data integrity in each of the steps before the encryption is applied.
EVE PIRATE
BattleDB.com |
Secret Bear
|
Posted - 2010.01.24 14:46:00 -
[32]
Edited by: Secret Bear on 24/01/2010 14:47:01
 Originally by: Zenst
So many ways to kill a cat but first you need to have a cat to kill. Lets get a cat.
i too hate cats! and the lack of logged errors on the servers side
/signed
ps we might want to look at killing cats until ccp takes this serious
|
Valandril
Caldari
Caldari Provisions
|
Posted - 2010.01.24 15:03:00 -
[33]
Originally by: Ander
Working as a security analyst I can see that this idea is flawed and hence won't sign this petition. (Sorry)
The flaw is that you will never be able to assure the data integrity in each of the steps before the encryption is applied.
Does any of them include super computers and brute-forcing ? :P
Just messing with op a bit :P
|
darius mclever
|
Posted - 2010.01.24 15:20:00 -
[34]
Originally by: Valandril
Originally by: Ander
Working as a security analyst I can see that this idea is flawed and hence won't sign this petition. (Sorry)
The flaw is that you will never be able to assure the data integrity in each of the steps before the encryption is applied.
Does any of them include super computers and brute-forcing ? :P
Just messing with op a bit :P
you dont need super computer or brute forcing if the first piece of the chain is already broken.
|
Zenst
Aliastra
|
Posted - 2010.01.24 16:59:00 -
[35]
Originally by: Valandril
Originally by: Ander
Working as a security analyst I can see that this idea is flawed and hence won't sign this petition. (Sorry)
The flaw is that you will never be able to assure the data integrity in each of the steps before the encryption is applied.
Does any of them include super computers and brute-forcing ? :P
Just messing with op a bit :P
haha and no I aint read dan brown, nor intend too.
OK chaps I'll conceed that what your both aluring too is a potentualy a flaw but like any flaw there is a way to deal with it. Yes I know that nothing is secure, but its secure long enough for its needs, thats doable.
How would you address the issue then?
I can think of a few ways but lets have your suggestions upon this. Big factor the client and server have constant comm's during the time that the logging is done. So one way would be:
client has log entry, sends checksum of log to server (small payload can be batched) server digitaly signs it and then sends it back, this is then a pretty good hash check that would serve to timestamp and verify the log entries upto that point in time, this would then make it only viable to fake lopgs if you did it in realtime and as such, completely address's that whole area.
Remember this is an idea, I welcome your contructive input (cheers Ander and somewhat trolly semi-contructive input from Valandril). Now lets assume nothing about peoples experiences and take that whole troll/epeen area away and get into this. Lets solve this so we can bury this whole area of lamentation with eve for good.
Now what would you suggest, given what I've outlined would work to address the concerns you both have, does it not?
|
Farscape Hw
Black Omega Security
Pandemic Legion
|
Posted - 2010.01.25 00:57:00 -
[36]
/signed
|
Tobruk
Black Omega Security
Pandemic Legion
|
Posted - 2010.01.25 05:11:00 -
[37]
Its time for ccp to stop hiding their bias and corruption behind the "our logs show nothing" wall
it took K u g u t s u m e n to show them for what they were before - why should we have to resort to those tactics to get straight answers from ccp.
/singed /singed /signed a million times
----------------------------------------------
Please re-size your signature to the maximum file size of 24000 bytes. Zymurgist |
Edriahn
Gallente
Sniggerdly
|
Posted - 2010.01.27 08:24:00 -
[38]
/Signed
|
Shad0w Hawk
The Illuminati.
Pandemic Legion
|
Posted - 2010.01.28 00:47:00 -
[39]
Unless I'm misunderstanding something, if this was implemented then people could still try to change their logs and send them to ccp hoping they'll fall for it.
Which would mean a sea of dumb "i lost my ship to a ~bug~ here are some totally not doctored logs of it" petitions, which would result in their seemingly already swamped GM team having even more garbage to sift through.
|
Zenst
Aliastra
|
Posted - 2010.01.28 11:15:00 -
[40]
Originally by: Shad0w Hawk
Unless I'm misunderstanding something, if this was implemented then people could still try to change their logs and send them to ccp hoping they'll fall for it.
Note, covered that above in detail I realy wasn;t looking to get bogged down in at this stage beyond getting the in-spirit support.
Originally by: Shad0w Hawk
Which would mean a sea of dumb "i lost my ship to a ~bug~ here are some totally not doctored logs of it" petitions, which would result in their seemingly already swamped GM team having even more garbage to sift through.
Actualy no as it would allow alot of the investigation work to be automated producing less errors on the GM's part as well as also avoiding the whole 14-ply yes it does, no it dont, yes it does, no it dont convo's in petitions. But covered that fursther up as well.
Bottom line LOCAL LOGS CCP CAN USE YES/NO as I'd say everybody would say YES, go figure.
Now go poke Ander or is he busy securing his servers from ddos attacks badly still! :/
|
| |
|
| Pages: 1 [2] :: one page |
| First page | Previous page | Next page | Last page |