PigeonLoft Website



Send out some Pigeons to receive the latest information from your realm! ;-)

 





This is an open-source python website to access your jobs via the internet.

Please access the latest version from our Git, Folder "RoyalPigeonLoft".

https://github.com/BinaryAlchemy/RoyalRender-OpenExtensions.git




It requires you to forward the port 7773 of your rrServer machine through your internet router.
This way you can access the rrServer from the internet.
This way the website can retrieve all data.


If you own an RR license, the data is encoded.
To be able to encode the data, you have to add users with a password in rrConfig, menu Server, tab rrLogin.




rrDynDNS


RR includes an application rrDynDNS.

It is required if you do not have a fixed IP for your internet connection.


rrDynDNS calls your website and updates the IP of your internet connection for the website.


Installation:

  • Copy the executable onto the local drive of your machine.
    e.g. C:\Program files\RoyalRender or /usr/local/RoyalRender/

  • Create a file named dyndns.cfg
    Add these lines:

    host=www.YourWebserver.com/RoyalPigeonLoft
    port=5000
    DDNS_KEY=key123456789
    interval_mins=1
    ssl=false
    ignore_ssl_errors=false


The DDNS_KEY has to match the DDNS_KEY you have set in the config file of the website.




Note on security concerns

First some notes about the rrDynDNS application.

You may think "This simple DDNS_KEY is not very secure"        
But no matter which security protocol is used, someone is always able to dublicate your data packet and send it from an other location again.
As it does not matter what's inside the packet, the package itself must be valid.
And this changes the rrServer IP of your website to some other IP.

What is the worst that can happen?
Your website does not work any more as it is not able to get your jobs.
There is no security breach as the "attacker" can still not retrieve the jobs from your rrServer.


Detailed information:

An attacker might be able to get the rrLogin name and a tiny 16Byte (128 bit) hash of the password.

1) Returned data is encrypted
With the password hash, the attacker might be able to authorize a request at the rrServer if he is able to crack the packet encryption we use.
BUT then the rrServer encodes the data returned with a 4096 bit encryption and a 40Byte (320 bit) hash of the rrLogins password.
And this hash is never send in any direction.

2) 16Byte hashes?
You may have heard that 16Byte hashes are not very secure.

16Byte MD5 hashes have been used for dacades on Linux, some websites used a 20Byte SHA-1 hash. (e.g. LinkedIn with their huge password breach in 2012).


There are some issues with these old hashes:

  • These algorithms are fast and use little memory.
    Because of the small memory requirement, you can run these algorithms on all GPU cores.
  • Most of the time websites and OS do/did not use a SALT. 
    SALT is a random modification added to your password.
    Without any salt, it is easier to find passwords with common phrases/words.
    Rainbow Tables can be used without a SALT.


RR uses Argon2 hashes (Winner of the Password Hashing Competition)

  • We use a SALT for your password hashes.
  • Argon2 requires way more memory and requires multiple threads.
    Which makes it a lot harder to run on GPUs.
  • Argon2 has multiple settings to compute completely different hashes.
  • Argon2 is way slower

Hash Algorithm

Time to calculate 1 billion hashes 
(milliard for the non English readers) 

A default 2023er CPU
One application running

Test times converted to using 100 physical cores in parallel
(Argon test app requires 2 cores, the oldes ones 1 core)

MD5

2 Minutes 

1 seconds

SHA-1

52 Minutes

30 seconds

Argon2 16Byte

101 years

1 year

Argon2 40Byte

191 years

2 years


Notes: 

If your password has a length up to 10 characters, using one of 72 different letters (26 letters upper/lower + 10 digits + 10 special (upper digits)), 
then there are 3 743 906 242  x  1 billion (the test amount) possible combinations for a password. 
An optimized GPU implementation of MD5 using almost all cores of a GPU (GPUs have thousands of cores) is at least 100 000 times faster than this CPU version. 
Argon2 using CUDA with a GTX 3060 is about 6 times faster. It could theoretically run up to 375 threads in parallel, which could make it 2250 times faster than the CPu version in the test (theoretically as the RAM speed of the GPU limits its parallel processing).