Gandalf Parker
August 12th, 2004, 03:20 PM
Re: Mumbling about MP security

Quote:
You don't let a client program directly modify the server's concept of state, such as how much resources a side has available. The client will modify its local perception of state (e.g. adjusting gem quantities during alchemy) but the modifications need to be noted and checked for legality.
What was apparently done was that the turn file was edited to have extra gems. Those gems had to be converted to something else or used in forge commands or turned into gold and used to make troops in that same turn before turning in a 2h. The game does have checks for such things but the variations make for a lot of "thinking" needed by the game. The game sent him a turn with XX gems in each category, and received back a 2h file of commands to do things. To take into account the original amounts, plus new gem income, plus all of the things that can be done with it in order to decide "oops too much" is pretty hairy. Especially when you try to reverse logic the troop queue to the gold to the fire gems made from the astral gems which were made from the death gems just as one example. NOT IMPOSSIBLE before someone jumps my case about it, just hairy and time consuming to get it put in. I didn't want to get into the "method of hack equals difficult to track" how-to here.

Quote:
You do let a client program submit instructions (proposed modifications to state, essentially) but need to check for bogosity. Having the client record "have this commander with a dwarven hammer forge this item" is very different from having the client itself define the new gem and item inventories.
Hmmm is that what it does now? The pros and cons of a clearer "log of commands given" are being discussed as something which has some advantages although of course some disadvantages also. As usual, the programmers in the forum have a pretty clear view of what can be done. It's great to see these discussions.

Quote:
A host could still cheat, but a sufficiently paranoid system could be set up to defeat cruder attempts like a host modifying data after receiving it, or reading turn files before submitting his own; it would increase the number of messages -- e.g. players submit files encrypted with single-use keys (key pairs, preferably), all encrypted files duplicated at a second host site (a public key algorithm would allow verification of authorship), both hosts process the same files using the same PRNGs and math, both hopefully coming up with consistent results which could be reasonably checked using message-digest algorithms without revealing unencrypted state to all players. Either host in such a system could potentially learn full game state, but only after their turns were submitted, and it would require conspiracy or freakish luck for a host to be able to edit the turn files. Separate host-controlled game state files could be similarly signed/encrypted using keys submitted by all the players, to reduce the probability of the host being able to independently modify or read that file as well. Feh.

To an extent this could be implemented now by players. Before the addition of a master password feature I had set up to be a "separate trusted host" setting up an email account that people could email their game-file passwords to. That way the host (who was also playing) didn't have access to the passworded files, but if a player fell out of the game then I could step in to turn on AI or do other checks.

In fact, that might work now as a low-tech answer. One thing I'm worried about is that now that Illwinter has shown they can dismantle a turn file to get answers I'm afraid they will be swamped by requests every time any player feels another player did something shady. As often as we see posts to that effect here which get answered as possibilities that the player hadn't considered, you can see how busy that might be.

If someone declared their game to be only playable by people who were willing to email their passwords to a trusted site, would that help? In the case of what occurred we would either have had a player who flatly refused "to let anyone view his secret tactics and strategies" (in which case anyone who played with that player would be taking their chances) or we would have had a much quicker and sooner way to have someone examine the turn file for inconsistencies. I AM NOT SAYING THIS IS THE ANSWER OR THAT OTHER THINGS CAN'T BE DONE just that it's a low-tech thing that can be done today if people are concerned. (that's another disclaimer to cut off some of the responses I tend to get)
__________________
-- DISCLAIMER:
This game is NOT suitable for students, interns, apprentices, or anyone else who is expected to pass tests on a regular basis. Do not think about strategies while operating heavy machinery. Before beginning this game make arrangements for someone to check on you daily. If you find that your game has continued for more than 36 hours straight then you should consult a physician immediately (Do NOT show him the game!)
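
Added example (not part of the original post, and not Illwinter's code): a sketch of the "log of commands" approach from the quoted text, where the host replays submitted orders against its own copy of the gem pool instead of reverse-engineering an end state, then hashes the result so a second host can compare. The order format, item names, costs and alchemy rate are all constructed for illustration.

```python
import hashlib
import json

# Constructed rules for illustration only; not Dominions' real costs or rates.
ALCHEMY_RATE = 2                      # source gems consumed per gem produced
FORGE_COST = {"ring": {"astral": 5}, "sword": {"fire": 5}}  # hypothetical items

class IllegalOrder(Exception):
    pass

def spend(gems, kind, amount):
    """Deduct gems from the server-held pool, refusing to overdraw."""
    if amount <= 0 or gems.get(kind, 0) < amount:
        raise IllegalOrder(f"need {amount} {kind}, have {gems.get(kind, 0)}")
    gems[kind] -= amount

def replay_orders(server_gems, orders):
    """Apply a client's order log to a copy of the server's own state.
    The client's idea of its inventory is never read; only the orders are.
    Returns (gems, items) or raises IllegalOrder on the first bad order."""
    gems, items = dict(server_gems), []
    for order in orders:
        if order["op"] == "alchemy":
            spend(gems, order["src"], order["make"] * ALCHEMY_RATE)
            gems[order["dst"]] = gems.get(order["dst"], 0) + order["make"]
        elif order["op"] == "forge":
            cost = FORGE_COST.get(order["item"])
            if cost is None:
                raise IllegalOrder(f"unknown item {order['item']!r}")
            for kind, amount in cost.items():
                spend(gems, kind, amount)
            items.append(order["item"])
        else:
            raise IllegalOrder(f"unknown op {order['op']!r}")
    return gems, items

def state_digest(gems, items):
    """Digest two hosts can compare without publishing the state itself."""
    blob = json.dumps({"gems": gems, "items": sorted(items)}, sort_keys=True)
    return hashlib.sha256(blob.encode()).hexdigest()

# Constructed sample: what the server sent out, and two order logs coming back.
SERVER_GEMS = {"death": 6, "astral": 3, "fire": 0}
HONEST = [{"op": "alchemy", "src": "death", "dst": "astral", "make": 2},
          {"op": "forge", "item": "ring"}]
PADDED = HONEST + [{"op": "forge", "item": "ring"}]  # relies on gems never issued
```

Because each order is checked in sequence against what the server issued, the death-to-astral-to-item chain needs no backward reasoning. A state this small is guessable from a bare hash, so hosts comparing digests would need to mix in a secret value they share.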