
Lobby authentication #847

Open
Vagabond opened this issue Feb 7, 2025 · 1 comment
Vagabond commented Feb 7, 2025

@katajakasa wants the lobby to persist user stats and stuff, so we need a way to authenticate the user. I don't want to use TLS or HTTPS or anything complex, my proposal is to use a PAKE (https://en.wikipedia.org/wiki/Password-authenticated_key_agreement) protocol where the user can register their account with a password.

With a PAKE, the server never sees the password, nor a hash of it, so we don't have to worry about our "password database" being leaked. The only downside is that it requires some cryptographic primitives.

I want to avoid OpenSSL, because it's a tire fire, both in terms of the code and in terms of the portability/availability. Better options are libsodium or libhydrogen.

I propose we use https://github.com/jedisct1/spake2-ee which is a modern PAKE protocol, implemented by the libsodium/libhydrogen author. It only depends on libsodium, which is significantly more portable and available than openssl (with some reasonable assumptions about versions, etc).

When the user tries to join the lobby, if the username they're trying to use is a registered username, the lobby would respond with an authentication challenge. The user would then go through the SPAKE2+EE protocol to authenticate to the lobby.

If the username is not registered, simply allow them to join the lobby. We can provide a 'registration' option in the lobby if the user is unregistered.

Password recovery is challenging. We could allow the user to provide an email address during registration, and supply the hash of that email address (so we don't have to store the email address either). If the user needs to reset their password, we could require them to contact us from that email address, or they could be emailed something (a link, or a token) that would allow them to reset their password. I've written an SMTP client/server in Erlang, so we could send/receive emails pretty easily.

Once authenticated to the lobby, it would be relatively easy to allow the user to change their password/email address, as well.

@Vagabond Vagabond self-assigned this Feb 7, 2025
Vagabond commented Feb 7, 2025

Proposal for password reset/recovery:

User fails to authenticate; the lobby asks them whether they want to reset their password. The user enters the email address they provided at registration time and provides the hash of that to the lobby. The lobby compares that hash to the stored email address hash; if they match, it sends an email with a temporary password to that address and resets the stored information to reflect that temporary password.

If the user loses both their email and password, tough luck.

@Vagabond Vagabond added this to the 0.8 Networking milestone Feb 8, 2025
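The join/challenge/authenticate flow from the first comment and the email-hash reset from the second, as an added Python sketch. This is not code from the project and does not use the spake2-ee library; it follows the SPAKE2+ structure (RFC 9383: password-derived w0/w1, a stored verifier L = g^w1, masked shares, a transcript hash and explicit key confirmation in both directions) over a MODP group, because a Ristretto255 implementation would not fit here. Everything specific is an assumption of the example: the 1024-bit RFC 2409 group 2 prime, the PBKDF2 parameters, the JOIN_OK/CHALLENGE message names, the transcript labels, and the Client/Lobby/run_login names. The test data (usernames, passwords, addresses) is constructed.

```python
import hashlib
import hmac
import secrets
# Group (an assumption of this sketch): the 1024-bit RFC 2409 group 2 safe prime stands in
# for the Ristretto255 group that spake2-ee uses. Chosen for brevity; too weak for real use.
Q = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
P = (Q - 1) // 2   # prime order of the quadratic-residue subgroup we work in
G = 2              # generates that subgroup (2 is a QR because Q = 7 mod 8)
M, N = (pow(int.from_bytes(hashlib.sha256(lbl).digest(), "big"), 2, Q)   # hash a label,
        for lbl in (b"lobby SPAKE2+ M", b"lobby SPAKE2+ N"))              # square into subgroup

def exp(base, e):  # every base used here has order P, so a negative e reduces mod P
    return pow(base, e % P, Q)

def to_bytes(e):
    return e.to_bytes(128, "big")

def check_share(e):  # reject 1, out-of-range values and shares outside the subgroup
    if not (1 < e < Q and pow(e, P, Q) == 1):
        raise ValueError("invalid group element")

def derive_w(username, password, salt):
    # Password -> (w0, w1). KDF and cost are assumptions; the cost bounds offline guessing.
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt + username.encode(), 20000, 64)
    return int.from_bytes(raw[:32], "big") % P, int.from_bytes(raw[32:], "big") % P

def email_hash(email):  # what the client sends instead of the address itself
    return hashlib.sha256(email.strip().lower().encode()).digest()

def key_schedule(username, X, Y, Z, V, w0):
    # Transcript binds identities, M, N, both shares, Z, V and w0 (RFC 9383 layout).
    tt = b"".join(len(b).to_bytes(8, "little") + b for b in (
        username.encode(), b"lobby", to_bytes(M), to_bytes(N),
        to_bytes(X), to_bytes(Y), to_bytes(Z), to_bytes(V), to_bytes(w0)))
    k = hashlib.sha256(tt).digest()
    kc = hmac.new(k[16:], b"ConfirmationKeys", "sha256").digest()
    return k[:16], kc[:16], kc[16:]  # Ke, client confirmation key, lobby confirmation key

def mac(key, elem):
    return hmac.new(key, to_bytes(elem), "sha256").digest()

class Client:
    def __init__(self, username, password):
        self.username, self.password = username, password
    def auth_start(self, salt):  # answer a CHALLENGE with X = g^x * M^w0
        self.w0, self.w1 = derive_w(self.username, self.password, salt)
        self.x = secrets.randbelow(P - 1) + 1
        self.X = exp(G, self.x) * exp(M, self.w0) % Q
        return self.X
    def auth_finish(self, Y, conf_v):  # returns (Ke, confirmP), or (None, None) on mismatch
        check_share(Y)
        y_star = Y * exp(N, -self.w0) % Q  # strip the password mask, leaving g^y
        Z, V = exp(y_star, self.x), exp(y_star, self.w1)
        ke, kcp, kcv = key_schedule(self.username, self.X, Y, Z, V, self.w0)
        if not hmac.compare_digest(conf_v, mac(kcv, self.X)):
            return None, None  # lobby did not prove it holds this user's record
        return ke, mac(kcp, Y)

class Lobby:
    def __init__(self):
        self.accounts, self.sessions = {}, {}
    def register(self, username, password, email_hash):
        salt = secrets.token_bytes(16)
        w0, w1 = derive_w(username, password, salt)
        # Stored: salt, w0, L = g^w1. Not the password and not enough to impersonate
        # the user, but w0 can still be dictionary-attacked offline if it leaks.
        self.accounts[username] = {"salt": salt, "w0": w0, "L": exp(G, w1), "email_hash": email_hash}
    def join(self, username):  # unregistered names get in without a challenge
        acct = self.accounts.get(username)
        return ("JOIN_OK", None) if acct is None else ("CHALLENGE", acct["salt"])
    def auth_respond(self, username, X):  # returns Y = g^y * N^w0 and confirmV
        acct = self.accounts[username]
        check_share(X)
        y = secrets.randbelow(P - 1) + 1
        Y = exp(G, y) * exp(N, acct["w0"]) % Q
        Z, V = exp(X * exp(M, -acct["w0"]) % Q, y), exp(acct["L"], y)
        ke, kcp, kcv = key_schedule(username, X, Y, Z, V, acct["w0"])
        self.sessions[username] = (ke, mac(kcp, Y))
        return Y, mac(kcv, X)
    def auth_finish(self, username, conf_p):  # returns Ke, or None if confirmP is wrong
        ke, expected = self.sessions.pop(username)
        return ke if hmac.compare_digest(conf_p, expected) else None
    def request_reset(self, username, email_hash):
        acct = self.accounts.get(username)
        if acct is None or not hmac.compare_digest(email_hash, acct["email_hash"]):
            return None  # same answer whether the user or the email is unknown
        temp_password = secrets.token_urlsafe(12)
        self.register(username, temp_password, email_hash)  # old verifier is replaced
        return temp_password  # goes out by email, never back down the lobby connection

def run_login(lobby, username, password):
    # Drive one full exchange; returns (client_key, lobby_key), or (None, None) on failure.
    msg, salt = lobby.join(username)
    if msg == "JOIN_OK":
        return "guest", "guest"
    client = Client(username, password)
    Y, conf_v = lobby.auth_respond(username, client.auth_start(salt))
    ke_c, conf_p = client.auth_finish(Y, conf_v)
    return (ke_c, lobby.auth_finish(username, conf_p)) if ke_c else (None, None)
```

Two things the sketch makes visible that the comments above gloss over. The lobby's record is not the password, but w0 is derived from it, so a leaked account table still allows an offline dictionary attack against each user; the KDF cost (and a real Argon2/scrypt in place of the PBKDF2 stand-in) is what makes that expensive. The email hash likewise hides very little, since anyone holding the table can test candidate addresses against it at hashing speed, and the reset path needs rate limiting and a short lifetime on the temporary password so the hash comparison cannot be used to probe which addresses are registered.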