Network and crypto?

  • Just wondered if the network messages will be encrypted to prevent cheating?

    • Because all source code is available encrypting network messages will not prevent cheating. Most likely all clients will be using libArianneClient, which would incorporate the encryption routines. The only way to prevent cheating is checking the contents of the network messages. This must be done by a _trusted_ server. At present this is not implemented though.

      • Maybe some form of CRC checking would be in would have to be fairly dynamic since it can change from system to system depending on libraries/compiler used.  However maybe when the client binary is compiled we could store a checksum of that binary and have the server check that on a regular basis.  Of course then that means it'll need to store a checksum for every platform that could potentially connect to it...and more than likely server administrators would need to distribute their own client binaries for server use rather that joe average just rolling his own binary and just specifying an ip/port.

        Another option might be to do security checks between the client and server of the user data.

        • That don't work because you can always hack the client to report "correct" checksums or whatever.

          THe server can never trust client data, thus all checking must be done on server.

          • Cyberlynx

            why not have a seeded  rotating encryption, I have seen rotating encryption keys in action and they are a devil to break as they rotate far too fast...

            The seed could be decided by the server.....

    • Encript messages won't prevent cheating.
      What prevent cheating is that each message/action submitted by client is validated by Client, and this is done now on code...

      Also player can only run actions... so it is stupid whatever it modify on client, because Server is always right.

      • Wouldn't encryption be nesessary to prevent someone else from intercepting / modifying messages. It wouldn't work against a cheating client, but it could prevent people from taking over anothers account to steal equipment etc.

        • I don't think so.
          Unless you want to connect using the agressor computer, in that case yes.
          I suggest that you add a feature about it, as it is really simple to add this to the engine.

    • Ori Pessach
      Ori Pessach

      Preventing cheating this way is provably impossible. The only valid solution I've seen suggested is: "Play with your friends". This implies constructing some sort of a 'ring of trust', using electronic signatures to assure players that the person with whom they're playing is who she claims to be.



Cancel   Add attachments