HEADS UP: d0_blind_id library now used

I added support for my authentication library. If you get any build problems related to "d0_blind_id", please post in this thread.

Extra features that are already implemented

• secure and unique player identification (malicious server cannot steal your ID)
  
• persistent (nick-independent) race records
  
• IP banning system can ban per ID, not only per IP range
  

Possible extra features in the future

• persistent (nick-independent) statistics, achievements
  
• "master" authentication by ID, not by password (and with autologin)
  
• automatic team/spectator assignment for tournament/clan matches (e.g. ID of the two opponents could be required and they automatically get their player slots, while everyone else can only spectate)
  
• ???
  

Possible by adding an extra library that is not provided by default

• encrypted chat
  

Algorithms
The algorithm is RSA for key signing, Schnorr DL identification (now patent free for almost a year) for identification, AES for optional encryption (not supplied by default because of crypto regulations).
For more details, see http://github.com/divVerent/d0_blind_id

Privacy implications

• ID generation is anonymous - the worst we can log is "when did someone from which IP generate an ID" but we cannot know the ID of the action because a blind signature is being used
  
• Any server you connect to can get to know your ID, and connect the player's IP, his ID to e.g. his nickname (or any other ingame actions). However, the Xonotic Core Team promises to not implement tracking of ID versus IP address, or ID versus nickname, unless the player explicitly opted in to it. This also means that player statistics may be gathered for your ID, but the ID will not be linked to your in-game nickname unless you explicitly authorize the game to.
  
• We DO track: the tuples (Date, Time, IP address) of any signing attempt (note that we cannot know the ID for it because of the aforementioned reason)
  

Who can generate an ID
Anyone whose IP address

• did not generate an ID within the last two weeks
  
• is not banned on a certain set of Xonotic and Nexuiz game servers
  

In case you currently are banned from generating an ID and also have no ID generated yet, you can still play but will show up as an unidentified player, but you then lose the features an identified player can get. So, for example, race records will not be saved for you. A new ID generation will be attempted the next time you start Xonotic.

Oh my...
I can't find the words...

Oh my...
I can't find the words...

I can!

wh d y ht mks? h spms s tryng t fgr t t. y sd t b frnds...
Sorry about this, I had to mess with that first part of your message. Don't be his messenger, we don't care about him. ~Mr. Bougo

anyway. i do like this approach.. i was worried they were goign to have a central "sign up here" way of doing things, and i didnt like that.

Actually it will have to be centralized somehow if we want to link ID's to user accounts somewhere.

YAY! YAY! YAY!

And I was wondering why Xonotic contacts yours servers for key generation and what for was the key it saves in ~/.xonotic.

Nice idea.

For the next step could be integration with this forum... - binding players to forum users by this generated ID.

I am wondering about this restriction for generating ID in 2 weeks on the same IP. What will be if users are using private network masqueraded to the same public IP? For example, using Xonotic for the first time with friends at work.
[/align]

You can play the game fine without a registration. Just showing off the game and having some fun at the office during lunch break does not really need any storing of stats or anything that comes with the player ID's.

If those colleagues like the game enough to play more games, they can register an account as soon as they get home :-)

The reason for the limitation is to allow large range IP mask banning, while allowing "innocent" IDs still in.

Basically... when a troll comes from a large ISP, you can ban his whole /16 IP range as well as his ID. Then:

• anyone who already HAS a preexisting different ID can still join
  
• the troll can't make a new ID for two weeks, and thus cannot easily evade the ban
  
• additionally, if the troll is banned on a "trusted" Xonotic server, the troll's whole IP range won't be able to make new IDs for the duration of the ban
  

That allows a large range IP ban while keeping damage to the innocent low.

The reason for the limitation is to allow large range IP mask banning, while allowing "innocent" IDs still in.

Basically... when a troll comes from a large ISP, you can ban his whole /16 IP range as well as his ID. Then:

• anyone who already HAS a preexisting different ID can still join
  
• the troll can't make a new ID for two weeks, and thus cannot easily evade the ban
  
• additionally, if the troll is banned on a "trusted" Xonotic server, the troll's whole IP range won't be able to make new IDs for the duration of the ban
  

That allows a large range IP ban while keeping damage to the innocent low.

Is such security really needed? It's nice to have it but... [just asking] are there such trolls which make problems in Xonotic/Nexuiz or is it for the future?

Xeros, I'm surprised that anyone who has ever been on the internet has to ask that.
The answer is yes.

I admin servers and I am looking forward to having more options for moderation. There are occasional attempts by certain people to cause trouble on servers. This would help with moderating only those people so that others can just enjoy the game.

But there are also other benefits from a central authentication system like this. For example, the stats capability helps to allow proper team balancing on public servers. Competitive clan or tournament matches will be easier to conduct...publicly. You could launch a public tournament server and reserve slots for only the teams that are playing. Without a "reserved slot" mechanism, it's very difficult to have a tournament match that appears on the public server list. People end up connecting and auto-joining without realizing it's a tournament match. We tried it multiple times before and it's a mess. There is name and clan tag reservation, which has been a problem before as well with some players trying to impersonate other players.

The topic of central user authentication was the very first conversation I had with div0 about forking Nexuiz to Xonotic. I always saw that as a major limitation within Nexuiz. I'm super happy that it's coming to fruition with Xonotic, and a lot sooner that I anticipated. I think this is going to have a dramatic effect on the community. I think is the most exciting feature in Xonotic for me.

Just wondering, wasn't it originally intended to also use this crypto system for authentication? It'd be great to manage rcon access based on public keys rather than a single password that can easily be stolen.

For rcon it won't be easy, as rcon aims to work by one single packet.

But the ingame "master" authentication will likely get to support this system.

BTW, rcon already isn't limited to a single password:

password to authenticate rcon commands; NOTE: changing rcon_secure clears rcon_password, so set rcon_secure always before rcon_password; may be set to a string of the form user1:pass1 user2:pass2 user3:pass3 to allow multiple user accounts - the client then has to specify ONE of these combinations

So on your server, you can do:

rcon_password "AzureDiamond:hunter2 foxmulder:trustno1"

and then both AzureDiamond:hunter2 and foxmulder:trustno1 work as password. The server log will show the rcon access together with the "username" AzureDiamond or foxmulder then.

So this will be useful in preventing 4chan/XBox Live like behavior from Ritalin hooked evil racist/homophobic psychotic twelve year olds with too much money?

Possible extra features in the future

• persistent (nick-independent) statistics, achievements
  

I really think this is the most important one, and it will make the game much more exciting, especially for addicted gamers like me.