I have already posted this to Minecraft Help and he suggested us to re-post it here :-)
Hello,
Minecraft multiplayer protocol works well but I found that the current MC:JE online encryption protocol is old and outdated for modern use. I'd like to ask if there is any plan to update that protocol for performance and security improvements?
My point is that, the current protocol that only requires 1024 bits on RSA size is unsafe. By the way, RSA encryption/decryption is not a good design for secret key exchange. It's 2023 now and X25519 is better on doing this. X25519 is widely used (by WireGuard and TLS) and its public/private key is several times smaller than RSA and also faster and safer. This upgrade can be done gracefully to just put a magic string to the "server id" field of Encryption Request, which is unused and can be used for compatible upgrade hints (just like TLS Downgrade etc).
For symmetric encryption, Java AES/CFB8 is strange and is not supported by most programming language standard crypto libraries. I'd like to suggest AES-128-CTR (stream cipher), which is faster because of its parallel operation capabilities. If message authentication is needed, then AES-128-GCM is a good choice (it just based on CTR mode).
I send you these suggestions because of my personal interests. I really hope a faster, safer MC:JE encryption protocol with compatibility for old versions can come out in the future, and we can apply that update to old clients by mods.
Please sign in to leave a comment.
2 Comments