This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.
gril002's profile picture

Best security practices

Started by gril002, 18 September 2016 - 04:35 PM
gril002 #1
Posted 18 September 2016 - 06:35 PM
So I have a multi use program that has mail, a to do list, GPS, unlocks doors etc. and it has a client (pocket computer) a server and a door controlling computer. So how can I best protect the data transfers? Currently I have randomly generated rednet protocol but in order for the door controlling computer to get the protocol it has to boroadcast on a preset protocol then switch to the random one so my question is how could I make it without the preset protocol. For the pocket computer I just have it so that I download the program thru the Server with a disk drive and just bake the protocols file on there bur I can't seem to do that with a computer. Also is there any way to prevent someone from putting the pocket computer into a disk drive and just editing the startup file? I have it set so that it checks for pocket and if it's false it just turns off and ejsects but the "attacker" could also just disable the disk drive boot and go thru cd to acess it. I know it's kind of pointless to have such security for a computercraft program but hey why not :D/>
Anavrins #2
Posted 18 September 2016 - 07:29 PM
Well, first of all, it is absolutely impossible to develop something safe with the rednet api, because of its repeater feature, it's trivial to intercept every messages sent with it, regardless of the protocol used.
What you want to do is peripheral.wrap the modem, and use these functions to communicate with other computers, it's a bit more complicated to use, but much more safer and harder to intercept.

If you want remote authentication, then there is a 99.99…% safe way to achieve that, by that I mean an attacker can force the authentication to fail for you, but can't force it to succeed for them.
Sewbacca #3
Posted 18 September 2016 - 07:44 PM
Hello gril002,
first of all rednet isn't secure. To understand how rednet works, you'll have to understand the Modem API in the wiki and the source of the rednet API.
To secure your network data, you can use rednet, but you'll have to encode the string data (string, because you can't encode tables).
I'd suggest writing an API which serializes table data to strings; encode it and send it through the network.
The receiver decodes the string and returns the serialized table data.
The only other secure way to transfer data that comes to my mind is using network cables (even then i'd encode the data).
A potential hacker could then be trapped using an event (it would also be broadcasted to the chat).

For disk startups, you can set the setting shell.allow_disk_startup to false, which will make the computer ignore the startup file.
Also you can protect the startup with a custom shell, allowing just input for a few options (asking for a password to access the shell for example),
but keep an eye on not leaving the keys inside, then you'd not be able to access the computer anymore (ingame at least).

Sewbacca
Edited on 18 September 2016 - 05:45 PM