Category:LSL Encryption

From Second Life Wiki
Jump to: navigation, search

Description

Cryptography is an area of computing focused on encrypting data in order to prevent it from being readable by another (potentially malicious) user. Cryptography has applications all over SL where any form of data-security is required, be it an item vendor, or a game, or a device that processes personal details.

Unfortunately in LSL there are only a few good methods provided for security, beyond the ability to communicate with off-site services using HTTPS. For this reason there have been several efforts to implement encryption/decryption standards in LSL, and more recently take advantage of Mono for greater encryption.

Cryptography Libraries

Test Vectors

For all security libraries reviewed a common set of test-vectors (message and key(s)) should be used. These are the following recommended ones:

Base64 Message (1536-bit)

Remove new-lines

VAgWWFUfAJvIxSwoSUGCCR/QnQvXif9oswq1JaICbrohjfOTiINmRVQkr1q+awPXd2nGncz8Pelb/
2vdx2vhh8UJiF6jBChzNGqr01l7ssgrIKGuXxKHw2JF8bByz7mREbmvxrndkM288HuwJYw0LlnaM1
3h8lzSBrQnLzr/Xwb6l3MfU867b/WtcuwpyXci9KKKYczywNs9Ay8N80xrwaA5sqWYysLrQD43U+l
w9wPpbzf8/kJfwxZL4WL6nfxi=

Hexadecimal Key

42DBE20995628324EB343C6CF9D3C5F4

Base64 Key

Identical to the above hex-key but in Base64

QtviCZVigyTrNDxs+dPF9A==

Symmetric Key Algorithms

Times below are given as a time to encrypt and decrypt the above test-message using the above test-key, in an empty simulator.

Library Security Encrypt/Decrypt Time Summary
AES Very strong 0.891489 Relatively slow compared to other symmetric ciphers, but affords industry-standard security with no known weaknesses. Can encrypt a 2.3kb message with guaranteed 256-bits of security in around 5-10 seconds.
Base64 XOR Very weak 0.006923 Very strong when used as a one-time-pad, but if used with the same key more than once becomes extremely vulnerable to attack. Use where speed is the highest priority, and where a message (if cracked) is useless after a very short time.
Vignére Cipher Weak 0.097980 Stronger than a regular base64 XOR, and can sustain repeated use of the same key for short periods of time. Use only for messages that become useless after a short period of time.