Grognot -> RE: Security needs to be a major priority with this game (11/12/2008 4:47:35 AM)
|
quote:
ORIGINAL: Jimmer quote:
Now, your next question should be "Hey, doesn't this mean even MORE emails?" Maybe not. Let's suppose that a particular sequence was generated when the game started. It could be passed along with the save file, and if we wanted to be a bit paranoid, the game could not only include that but a checksum incorporating a secret (e.g. MD5 of the concatenation of the game secret, with some hidden key buried in the game code -- not the save file. Probably no need to go RSA-heavy, heh). Then, a PRNG is usually initialized with some bit sequence. The same sort of magic (MD5) can work here: take the game seed, concatenate it with a proprietary secret (to make it harder to figure out what the actual PRNG seed will look like, and thus make it harder to forecast rolls), and furthermore concatenate it with some key denoting the type of action and location (e.g. '1809:09:land:fr:prov79:fieldcombat:attacker:round3:outflankroll'). Take the MD5 hash of the combined string (or different hash if the PRNG requires more bits), seed the PRNG with it, roll. It's somewhat robust unless the PRNG is prone to patterns early in a sequence. Nice thing is, strings which are similar to each other aren't supposed to generate similar MD5 hashes, so you can do this with just the per-game secret and the built-in one. Bad thing is, it might be slightly computationally ugly, but it's not -that- bad. It would still allow somebody to decide whether or not to actually -do- something (there's no real way around that unless there's a way to commit results to somebody else before seeing them -- problem if you're using quick combat, for instance... or with naval battles, testing interception), but reload + reorder wouldn't work.
|
|
|
|