02:46 <+Learath2> heinrich5991: I don't think we particularly need a cryptographically secure hash, not like the attacker is crafty enough to perform an attack on something like metrohash
02:51 <+Learath2> If you disagree though, blake2 is like 2x faster then sha256. Or maybe we could do AES, that should be very well optimized and very secure against known plaintext attacks so we could just encrypt the address with the seed
02:52 <+Learath2> Though aes is very well optimized, I'm not quite sure how much the overhead would be for small data like this. Maybe the initialization and the finishing of the algorithm could overwhelm the actual algorithm
02:52 <+Learath2> I guess it needs a benchmark to be sure
15:20 <+bridge_> [ddnet] <Jesus Christ> @Learath2 did u change any physics? part on j2 not working
15:20 <+bridge_> [ddnet] <Learath2> Since when?
15:20 <+bridge_> [ddnet] <Jesus Christ> idk last a few days
15:20 <+bridge_> [ddnet] <ScReeNy> 1 week ago it worked
15:20 <+bridge_> [ddnet] <Learath2> Definitely not in the week
15:20 <+bridge_> [ddnet] <Jesus Christ> mhm
15:21 <+bridge_> [ddnet] <Learath2> What is the part?
15:21 <+bridge_> [ddnet] <Jesus Christ> u free now?
15:21 <+bridge_> [ddnet] <ScReeNy> its from the bug where u bug through tiles with your tee with infinity speed
15:21 <+bridge_> [ddnet] <Jesus Christ> he wont understand ur explanation xd
15:21 <+bridge_> [ddnet] <Learath2> Huh, didn't touch tile skipping in months
15:21 <+bridge_> [ddnet] <Learath2> Except for stoppers a while ago
15:21 <+bridge_> [ddnet] <Learath2> But thats been more then a week ago
15:22 <+bridge_> [ddnet] <Jesus Christ> ok we figured out this specific part works only with weak
15:22 <+bridge_> [ddnet] <Learath2> @Jesus Christ kinda busy with something else, I can check it out at night
15:22 <+bridge_> [ddnet] <Learath2> Oh good
15:28 <@heinrich5991> yea, aes sounds good
15:35 <@heinrich5991> I think we should not forego security for this; a non-cryptographic checksum might be enough, e.g. one that is also used for protection against hashmap collision attacks
17:41 <+bridge_> [ddnet] <ChillerDragon> i did it bois xxD
17:41 <+bridge_> [ddnet] <ChillerDragon> 
17:41 <+bridge_> [ddnet] <ChillerDragon> https://cdn.discordapp.com/attachments/293493549758939136/644577736505163781/screenshot_2019-11-14_17-41-05.png
17:43 <+bridge_> [ddnet] <ChillerDragon> much wowo much hack client
17:46 <+bridge_> [ddnet] <ChillerDragon> oh nvm the ddnet++ server is broken nvm bois xxxxD dont tell anyone that its vulnerable
17:50 <+bridge_> [ddnet] <ChillerDragon> oooh now i got it... its a local server thing. You can't get banned on your local server so you have unlimited rcon trys :greenthing:
17:51 <+bridge_> [ddnet] <Jesus Christ> 200 iq move
17:51 <+bridge_> [ddnet] <ScReeNy> ban
18:12 <+bridge_> [ddnet] <Ryozuki> 1 month and half till python 2 dies
18:12 <+bridge_> [ddnet] <Ryozuki> :poggers:
18:25 <+bridge_> [ddnet] <ChillerDragon> yea crazy ikr
18:26 <+bridge_> [ddnet] <ChillerDragon> i can imagine there is a lot of exploitable software when python2 gets the first CVE in 2020
19:07 <+bridge_> [ddnet] <Learath2> @heinrich5991 there are a lot of hashes that are non cryptographic but have excellent statistical properties, we could use any of those or aes
19:27 <+bridge_> [ddnet] <Learath2> Maybe we can get away with crc32, it's very well optimized in hardware, but it's not secure at all
20:56 <+bridge_> [ddnet] <MikeX> Can someone explain me why there are no hacks for teeworlds? In some egoshooters for example you were able to moonjump. Why its not possible to manipulate hook length or sth like that?
21:03 <+bridge_> [ddnet] <ScReeNy> Wdym this game full of bugs and bots lol
21:55 <+bridge_> [ddnet] <ChillerDragon> @MikeX the client just sends the inputs and the server has the full control over what actually happens. Only games that give the client permission to have control over the game are vulnerable to this.
21:57 <+bridge_> [ddnet] <ChillerDragon> I do not know why other games accept such variables like jump speed from the client. Probably some naive closed src games with lazy devs.
21:57 <+bridge_> [ddnet] <MikeX> Ok thank you very much.
22:28 <+bridge_> [ddnet] <Learath2> @ChillerDragon trusting the client usually gives you a "better" netcode. E.g. if you shoot someone on your screen, as the server trusts that you shot them, your shots will always count
22:30 <+bridge_> [ddnet] <ChillerDragon> isnt the same reproducable with client side prediction without sacraficing all security aspekts
22:32 <+bridge_> [ddnet] <Learath2> You can do your best to predict, but at the end, it's just that, a prediction
22:35 <+bridge_> [ddnet] <Learath2> But that also comes with a penalty, if your ping is high enough, someone can shoot you without ever getting out of cover on your screen