[MUD-Dev] Re: Trusting the Client (Re: Laws of Online World Design)
J C Lawrence
claw at under.engr.sgi.com
Wed Oct 14 10:33:07 CEST 1998
On Wed, 14 Oct 1998 01:03:42 -0700
Jon Leonard<jleonard at divcom.slimy.com> wrote:
> On Mon, Oct 12, 1998 at 11:33:44PM -0700, mark at erdos.Stanford.EDU
> wrote:
>> 1. When Bubba enters the room, the entire room state (including
>> Boffo) is downloaded to his client, along with a random number
>> seed.
> The random number seed is something you'd really rather keep
> secret. If a (sufficiently skilled at breaking code) player can
> see your random numbers, they can implement conditional code like
> "attack the monster only if I can kill it" or "open the chest only
> if the trap doesn't trigger".
> You really need to force the client to commit state to the server
> every time it wants a random number. (If unrealistic luck is a
> problem.)
One could alter this to:
1) Computation is done on the client.
2) All random numbers for all computations originate fromthe
server.
3) Cross-check consistancy statements for all computations are
sent to the server from the client for all data commits for
veracity checking.
Is it absolutely secure? No. It is tighter however.
--
J C Lawrence Internet: claw at null.net
(Contractor) Internet: coder at ibm.net
---------(*) Internet: claw at under.engr.sgi.com
...Honourary Member of Clan McFud -- Teamer's Avenging Monolith...
More information about the mud-dev-archive
mailing list