340
edits
Talk:UDP API DEV: Difference between revisions
m
→Crypto Protocol
| Line 31: | Line 31: | ||
:...but in reality, there's no need for AniDB to be a secure application. Best to just forget about encryption altogether; it's far more trouble than it's worth in this case. | :...but in reality, there's no need for AniDB to be a secure application. Best to just forget about encryption altogether; it's far more trouble than it's worth in this case. | ||
:--[[User:Pelican|Pelican]] 20:45, 28 January 2006 (CET) | :--[[User:Pelican|Pelican]] 20:45, 28 January 2006 (CET) | ||
:Well, the actual implementation by epoximator will define the exact encryption type and the API documentation will be updated to reflect this. I agree with pelican to a certain extend. The security needs of AniDB can be viewed as being rather limited. As such TLS seems like an overkill (especially since it brings quite some additional performance and bandwidth overhead). And even the very basic AES encryption will be disabled by default. And yes, replay attacks will be possible, but the damage an attacker can do with those should be limited. I'll add a small change to the protocol which will make replay attacks slightly more complicated, but still not impossible. The encryption should be kept as simple as possible in order to minimize the additional overhead. | |||
:And even a very basic AES encryption will be enough to prevent the password from being snooped while it is transmitted. I.e. in unsecured wireless network environments. | |||
:--[[User:Exp|Exp]] 04:55, 30 January 2006 (CET) | |||