AES Strong Encryption

From Second Life Wiki
Jump to: navigation, search


The AES encryption standard is a cryptographically secure and widely supported symmetric key, stream encryption scheme. It takes a strong key and applies it to an input in a series of "rounds" to a 16-byte chunk of data (the state). The resulting cipher is so thoroughly different from the original that it is considered cryptographically secure. Indeed, there are as yet no reported cases of AES encryption being successfully broken except through side channel attacks, essentially using other available data or means to get at the original (not a fault of the algorithm itself).

For more information regarding the algorithm you may view the Wikipedia page.

Using AES

HTTP communication

AES is not intended for securing connections with a web-site on its own. If you wish to send data to a web-site then you should investigate using HTTPS with a valid SSL Certificate, as this will allow you to verify the authenticity of a web-site, and will provide greater, faster security than anything implemented in LSL is currently capable of.

However, AES can be used as a form of Digital Signature. While a signature is supposed to use asymmetric encryption, this is currently unfeasible to do within LSL, however, AES is very strong, and if used carefully can be just as secure. This allows you to add signatures that make it possible for your web-site to verify the authenticity of the messages it receives, allowing you to figure out which in-world objects you can trust.

To use AES as a digital signature, you can simply use llMD5String() or llSHA1String() to produce a hash of your message contents, you then simply encrypt this hash and add it to your message so that the web-site can verify that the message was not forged, or tampered with. You should ensure that the key and/or input-vector you use when doing this changes regularly in a consistent and secure way so that the signature-scheme cannot be broken.

In-world communication

AES is ideal for encrypting messages sent between objects via chat-channels, and is useful for objects that are part of a game, or anything involving monetary transactions. You must be aware however that you will require some method of providing your objects with the same key for encryption. The easiest way to do this is to put it into a notecard, and give each object a copy of this notecard, the objects can then use this key to generate new ones regularly, though you will need to ensure the objects remain in-sync which is beyond the scope of this article.