XMPP Based Authentication

From Armagetron
Revision as of 10:36, 6 March 2006 by Luke-Jr (talk | contribs)

This page is intended for fleshing out the details of a simple authentication scheme.

The Authentication

  • The client logs into the player's IM account and sends a join request to the game server's IM address.
  • The game server sends a random session identifier, along with its connection information (hostname/IP and port), to the client.
  • The client connects to the game server's supplied connection info.
  • The client sends the session identifier back to prove that it is the same player that originally contacted the game server.
  • The server now knows that the client indeed represents the player it claims to represent.
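
The server side of the steps above, as an added example that is not part of the original page or of Armagetron's code. The XMPP transport is simulated by method calls; the class and method names, the host and port, the 30-second lifetime and the single-use rule are assumptions (the page only requires a random session identifier).

```python
import secrets
import time


class GameServer:
    """Issues session identifiers over IM and checks them on the game port."""

    def __init__(self, host, port, ttl=30.0, clock=time.monotonic):
        self.endpoint = (host, port)
        self.ttl = ttl        # assumption: the page sets no lifetime
        self.clock = clock    # injectable so expiry can be exercised offline
        self.pending = {}     # session id -> (IM address, expiry time)

    def on_join_request(self, im_address):
        """Steps 1-2: a join request arrived from im_address over IM."""
        session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.pending[session_id] = (im_address, self.clock() + self.ttl)
        # The reply is addressed to the IM account, so only its holder sees it.
        return {"session": session_id,
                "host": self.endpoint[0], "port": self.endpoint[1]}

    def on_game_connect(self, presented_id):
        """Steps 3-5: return the authenticated IM address, or None."""
        # pop() makes the identifier single use (assumption), so a value
        # observed on the game connection cannot be replayed later.
        entry = self.pending.pop(presented_id, None)
        if entry is None:
            return None
        im_address, expiry = entry
        return im_address if self.clock() <= expiry else None


def demo():
    """Constructed run: valid login, replay, guessed id, expired id."""
    now = [0.0]
    server = GameServer("game.example.org", 4534, clock=lambda: now[0])
    reply = server.on_join_request("luke@dashjr.org")
    first = server.on_game_connect(reply["session"])
    replay = server.on_game_connect(reply["session"])
    guess = server.on_game_connect(secrets.token_urlsafe(32))
    stale = server.on_join_request("luke@dashjr.org")
    now[0] += 31.0  # client waits longer than the lifetime
    late = server.on_game_connect(stale["session"])
    return first, replay, guess, late


if __name__ == "__main__":
    print(demo())
```

The identity the server records is the address the join request came from, never a name supplied on the game connection.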

Stats and Conversation

The game server deals primarily with an IM address or, in the case of an anonymous player, a guest name, which is enclosed in double-quotes. All conversation and stats are recorded by this identifier. For example, when sending a chat message to another player, the server will transmit something along the lines of: luke@dashjr.org says, "Hi!"

Displaying Names For Players (Name Resolution)

If the IM address luke@dashjr.org appears on the player's roster/buddy list, the associated nickname is displayed instead. If not, the full IM address is displayed.

Attack Vectors

The Phishing Server

I can't see a possibility here.

Faking the Authentication Server

DNS poisoning.