[Server] Enyekala (Must Test)

[GoldFireUn]

Ah, but if I had done it that way, I wouldn't have been able to enjoy the challenge of making encryption work. ;-)

I did consider using metadata IDs a few weeks ago, but I ended up discarding the idea precisely for the reasons you mention; garbage collection is hard. Storing text directly in the metadata is just all-around easier and doesn't cost much, especially since the data per- book/memorandum isn't very large.

One project where I definitely would use metadata IDs would be in the case of storing books from Project Gutenberg. Though I have to say, even there I wouldn't use mod storage, I would prefer raw files or a Lua SQL binding (already in use for in-game email, for example). I'm not 100% sold on the idea of trusting mod storage for (potentially) big data.
(Though, I have no plans to actually do this ... yet.)

Combining encryption with private metadata isn't entirely pointless. It's protection against the possibility of the engine having a bug. It's also protection in the event that someone manages to get an unauthorized copy of the map database (i.e., if I made a booboo in the security configuration). In the case of a safety deposit box, it's also protection from an evil alternate-universe version of myself.

TBH, it's really just for the challenge. It's all a bit moot until Minetest gets an encrypted protocol.

[EDIT]: This just occurred to to me: encryption is also protection against the possible exposure of private metadata that might happen because of a bug elsewhere in the game code. Far more likely than a bug in the engine.

[GoldFireUn]

Well folks, I've been working on this for several days now, and I think it's pretty close to done!*

(*sound effects are still WiP.)

As you likely know from a previous mention, Enyekala got encrypted books and memorandum recently. Of course, unless you store these in a locked chest, anyone can come along and open the formspec, and the server will happily let you read their content.

Since for various reasons I was feeling privacy-minded of late (and slightly bored), I have now implemented secure inventory storage. Of course, I can't take credit for the idea. The first person I know to have done this in Minetest was @sorcerykid on the JT2 server. There may be others. But! I do suspect Enyekala just *might* be the first to allow the "plebs" access to in-game encryption that uses the actual OpenSSL backend.



But how does the safe's encryption work? What exactly am I promising here? The details are complex and arcane. Far too much so for simple minds to comprehend.

Ok, I lied. The details are simple and direct. On Enyekala, a secure inventory is an inventory that encrypts its contents TWICE. First, using the server's master key and a random IV (or a nonce, if you prefer that term). Second, using the user's password* and another random IV. Successful decryption requires knowing both keys.**

(*The user's password is turned into a 16-byte key using a very naive solution, a better solution would be to pass it through a key hashing algorithm, but I was feeling a little lazy on that particular.)

(**The encryptions are layered sequentially; I suppose a far better implementation would somehow mix the two keys into one key, and perform a single encryption pass.)

What this means is that even I, your admin, cannot read the contents of your safes unless I somehow know your password. I have designed the code such that the user's password is kept resident in memory only as long as the safe/briefcase is open. As soon as you close it, the password is wiped. (I won't get into complications about string copies getting scattered around in RAM or swap files; it's far outside the scope of Lua modding.)

The only way for me to get your password is to have secret code in the background that snags it when you input it. I promise I didn't do that. }:| <---- That's my serious face.

So, all told, if you want to write an essay on how much of a complete dweeb (or worse) I am, you can do so, and store it safely knowing that I will never, ever know what horrible thing you wrote about me. :-)



A word on the artwork. The textures for the safe are modified versions from sorcerykid's Safety Deposit Box mod. (I downsized them to 16px.)

However, the briefcase textures are entirely my own custom pixel art. I designed them using a hint I learned from somebody else: to get good colors, pick the colors from a real image.



James bond, anyone?

Unlike the safe, which cannot be dug while it contains anything, the briefcase can be picked up and carried. This DOES cause the (normally private) node metadata to become public ItemStack metadata (the same thing happens whenever you put something into a chest, for example). But don't worry! Your embarrassing emails detailing a forum scandal will appear as random garbage as long as the briefcase is closed and locked.

You can only store keys, vessels, books, and papers in the briefcase. You cannot store briefcases recursively. Yeah, I know someone tried that already. Heh.

The password entry formspec (not pictured) gives the owner of a safe/briefcase the option to change the password. By default, the password for all new safes is "default". A note on the implementation: when you change the password, the server decrypts all existing contents using the old password, then re-encrypts them with the new password. My original code had a bug where the re-encryption process would try to encrypt empty inventory slots. Hilarity ensued.

Lastly, the secure inventory formspecs (not pictured) give you the option to restrict your password. Basically, this just allows or disallows other players to open your safes or briefcases with the correct password. By default, anyone with the password can open a safe (nice for sharing with friends or alt accounts), but if there's a need, you can restrict access only to the person who owns the safe.



This last one doesn't have anything to do with the topic of this post, but the subject of this email has been a running joke on Enyekala for a few years now. If you want to know where the inspiration for this diabolical trick came from, just head over here: https://www.giantitp.com/comics/oots0221.html

--------------------------------------------------------------------------------

Finally, I do need to offer a warning: Minetest's network protocol is plaintext. Although the contents of the safe and briefcase are stored encrypted at all times on the server, whenever you view them (and indeed, whenever you view the contents of a book or letter), the server decrypts the data and sends it over the wire in plaintext. (The same is true for your chat messages.) Needless to say, this is very bad, and as a modder there is nothing I can do about it. If you care about this, you'll need to get the devs to stop bike-shedding over which encryption algorithm to use and just implement one already. :-)

Do it politely, of course. Personally I would prefer a symmetric algorithm (like AES) derived from the SRP key calculation.

[Blockhead]

Finally, I do need to offer a warning: Minetest's network protocol is plaintext. Although the contents of the safe and briefcase are stored encrypted at all times on the server, whenever you view them (and indeed, whenever you view the contents of a book or letter), the server decrypts the data and sends it over the wire in plaintext. (The same is true for your chat messages.) Needless to say, this is very bad, and as a modder there is nothing I can do about it. If you care about this, you'll need to get the devs to stop bike-shedding over which encryption algorithm to use and just implement one already. :-)

You could require a client-side mod and send the encrypted text across a modchannel, and then do the decryption and show a formspec on the client side. I'm not sure if it would support all the usual formspec callbacks though - I think the inputs on a CSM formspec don't go to the server, at least not without maybe some homebrew algorithm to send that back across the modchannel.

[GoldFireUn]

Here's a peek at one of my current projects:







Don't fall in.

[not2stressed]

Looks very interesting, I wonder what it'll be? Outback v3? Another realm? A land of endless mutton?
I guess I'll have to wait & see!

[DragonsVolcanoDance]

I've decided to post some screenshots of some of the things I've been working on lately. UncleBob recently made another video on them as well! You can find his channel here https://odysee.com/@Unboblievable:0 (He makes really good Enyekala videos!)

White Wolf Castle and Black Dragon Fortress:



Ice and Fire Tree:


no, this is not a reference to GOT as someone asked before, it is completely coincidental.

Black Dragon Fortress:



Black Dragon Fortress basement:



White Wolf Castle at night:



Inside White Wolf Castle:



View from the top of Black Dragon Fortress:



View from the Ancient Pyramid at night:



Ancient Pyramid at night:



Sunstone Palace Facade: (always a work in progress)



Amethyst Pool Garden:



There's a lot more screenshots I could have taken, but this post is long enough and curious viewers should definitely check out UncleBob's odysee channel. He has a lot of videos on other builds as well, among other things.

[Spaka7]

I was wondering if the server is down it's been a couple hours and it's not showing up on minetest app

[hlqkj]

It has been down for the past 12+ hours. Squirrels’ fault. Hopefully it should be back soon!

[Spaka7]

Ok, sucks.. is their a discord for this server? I've been looking for information on this since morning, even their site not working

[hlqkj]

Afraid, no: there is no Discord server, nor any other means to communicate, aside from this forum topic.

The website is hosted on the same machine that hosts the server so, if one is offline, the other is usually offline as well. (That’s why the welcome form and the chat hints point us to here, BTW :)

[Spaka7]

Ok understood 💀

[GoldFireUn]

Weird. Machine has internet access but the software doesn't notice. Guess I'm restarting the program.

[GoldFireUn]

....

Or, what boxface just wrote. Heh.

[boxface]

Server is back online, old address is working arklegacy.duckdns.org

[Spaka7]

Not seeing it on my end..."arklegacy.duckdns.org"
Does this mean that I have to start over?

[Spaka7]

Nvm I'm online

[Spaka7]

I'm playing on mobile, and my fancy glass iron/ fancy glass wooden door don't show the glass on them. Can this be fixed and also I don't know if this going to be to much work but can you include siting, maybe it could be when avator sits their stamina recovers.

[itslio]

CoffeeAddict's Castle.
In an unforeseen circumstance I seem to have accidentally got into her jail and died and I am unable to retrieve my bones. I really need some help because I was carrying all of my valuable items, protecters, machine parts , my best weapons n armor. Is there a way to get my bones??i worked rlly hard to get those stuff.

[Spaka7]

CoffeeAddict's Castle.
In an unforeseen circumstance I seem to have accidentally got into her jail and died and I am unable to retrieve my bones. I really need some help because I was carrying all of my valuable items, protecters, machine parts , my best weapons n armor. Is there a way to get my bones??i worked rlly hard to get those stuff.

i also went in to try and get her bones back and lost mine in the process, we both use the jail option on the key.

[speedpig]

as it was recomended by other players ir write here that day before was marked and some unprotected trees was on fire, and all crops gone at base location. today at base arrived player with visible name 'Hunter' and killed player 'speedpig' several times until last lost his bed location due to 'killed in wild'. We (speedpig and Edgars00) are in contact with such player 'Hunter' first time, and used to help players. One must learn to place cityblock faster.
It could be that some of experienced players did not like my humor, that includes irony and sarcasm or something else.
As Hunter was in full mithril armor and used automated arbalest with tnt arrows he does not look new.

visited base from other player, who survived as i asked him to log out. lava on roof that goes down in ~2000+ mineshaft destroying climbing pick handles. and all speedpig's bones gone. Enjoy yourself, Hunter!

[hlqkj]

as it was recomended by other players ir write here that day before was marked and some unprotected trees was on fire, and all crops gone at base location. today at base arrived player with visible name 'Hunter' and killed player 'speedpig' several times until last lost his bed location due to 'killed in wild'. We (speedpig and Edgars00) are in contact with such player 'Hunter' first time, and used to help players. One must learn to place cityblock faster.
It could be that some of experienced players did not like my humor, that includes irony and sarcasm or something else.
As Hunter was in full mithril armor and used automated arbalest with tnt arrows he does not look new.

visited base from other player, who survived as i asked him to log out. lava on roof that goes down in ~2000+ mineshaft destroying climbing pick handles. and all speedpig's bones gone. Enjoy yourself, Hunter!

For a moment I thought Extry was back! Sadly, not :(

[speedpig]

also it's great luck that only low value players as speedpig has suffered, as some veteran players are just in time never online when Hunter comes and goes. What a great luck it is for them, or some 6-sense that tells them 'in 5 minutes killer comes, better leave now' or just return after it left. Probably this can never be learned, must be born with such talent i guess. So happy for them, hope they use this great power doing great things in world.

[Feral]

Oh no! Someone used the game dynamics to inconvienience a multi alt, know it all player!?
Where did I leave my tiny violin?

[dxt_73]

CoffeeAddict's Castle.
In an unforeseen circumstance I seem to have accidentally got into her jail and died and I am unable to retrieve my bones. I really need some help because I was carrying all of my valuable items, protecters, machine parts , my best weapons n armor. Is there a way to get my bones??i worked rlly hard to get those stuff.

Just be careful to use recall, i got "prison" in private teleporter room many time

[DragonsVolcanoDance]

CoffeeAddict's Castle.
In an unforeseen circumstance I seem to have accidentally got into her jail and died and I am unable to retrieve my bones. I really need some help because I was carrying all of my valuable items, protecters, machine parts , my best weapons n armor. Is there a way to get my bones??i worked rlly hard to get those stuff.

Be careful what buttons you press in the KOC :D
Yes, both lilfresh and itslio got their bones out of the Ancient Pyramid jail a few days ago, so all should be good there. If anyone gets trapped or stuck again just let me know on the forum, or send me an in-game email about it, or if you can't do that, scream about it loud enough in the chat log and I will either see it or someone else will tell me about it. LOL