[Home] [Groups] - Message: [Prev in Group] [Next in Group]
8353: [MUD-Dev] Re: Trusting the Client (Re: Laws of Online World Design)
[Full Header] [Plain Text]
From: J C Lawrence <claw@under.engr.sgi.com>
Newsgroups: nu.kanga.list.mud-dev
Date: Wed, 14 Oct 1998 10:33:07 -0700
References: [1]
Organization: Kanga.Nu
On Wed, 14 Oct 1998 01:03:42 -0700
Jon Leonard<jleonard@divcom.slimy.com> wrote:
> On Mon, Oct 12, 1998 at 11:33:44PM -0700, mark@erdos.Stanford.EDU
> wrote:
>> 1. When Bubba enters the room, the entire room state (including
>> Boffo) is downloaded to his client, along with a random number
>> seed.
> The random number seed is something you'd really rather keep
> secret. If a (sufficiently skilled at breaking code) player can
> see your random numbers, they can implement conditional code like
> "attack the monster only if I can kill it" or "open the chest only
> if the trap doesn't trigger".
> You really need to force the client to commit state to the server
> every time it wants a random number. (If unrealistic luck is a
> problem.)
One could alter this to:
1) Computation is done on the client.
2) All random numbers for all computations originate fromthe
server.
3) Cross-check consistancy statements for all computations are
sent to the server from the client for all data commits for
veracity checking.
Is it absolutely secure? No. It is tighter however.
--
J C Lawrence Internet: claw@null.net
(Contractor) Internet: coder@ibm.net
---------(*) Internet: claw@under.engr.sgi.com
...Honourary Member of Clan McFud -- Teamer's Avenging Monolith...