MTA Lua Compiler

[Atton]

newmeta said:

First of all, there's a significant difference between hashing functions (MD5, SHA1, SHA256 etc.) and encryption (AES, RSA etc.). Hashes are one-way, you cannot restore the original data from the hash. An encryption is reversible and thus (with the right key) you can restore the original data from the encrypted context.

The MTA encryption option is obviously using a reversible encryption (-> RSA in this case) as the server/client need to be able to restore the original code from the encrypted file.

And since the server and client need to be able to restore the original code from the encrypted file, they'll also have to have the key needed to decrypt the file. And thus we can also use the key to decrypt. Therefore this encryption method cannot be secure, no matter the algorithm and no matter the key. I'm not breaking RSA, I just do the same thing as the MTA Server does, with the small difference that I'm writing the decrypted file to my hard disk.

@myonlake:

However the online compiler is suddenly implementing a single point of failure. If someone manages to get unauthorized access to the server he suddenly has access to all compiled scripts used on any MTA server, while, if he'd hack my PC, he'd only get my own stuff. Also I expect the online compiler to be an excellent target for DDoS attacks, since attacking that very server basically forces all productive servers with compiled scripts to stop pushing updates.

Another thing I'm getting more and more disappointed about is that despite the fact that some of the developers are clearly reading this thread as listed in the "users in this topic" list below - ccw even sent me a PM about this (one which I didn't really understood...), there's no actual information about this. We still have no reaction, no clarification, not even a single word from any developer about this entire matter, despite this thread going on for more than 5 pages already.

What did CCW say.