[MUD-Dev] Identifying Players

Crosbie Fitch crosbie at cyberspaceengineers.org
Mon Aug 4 10:22:40 CEST 2003 

From: Scion Altera

> How is this any better for identifying unique humans than a
> regular password scheme?

>   1) User H creates character P with password K on game G.

>   2) When user H attempts to play as P, G asks for K.

>   3) Assuming H hasn't shared K with anyone, H and G are the only
>   ones who know K.

> Requiring the user to decrypt a random number using their private
> key adds a small amount of added security because the private key
> is never transmitted to the game. The random number is in effect a
> single use temporary password. However, if the user shares the
> private key with a friend, they can both still use the character
> so long as they don't attempt it simultaneously. This does not
> achieve the original goal of ensuring that there is only one user
> per character.

To be frank, I'd originally developed this scheme to identify
computers participating in a p2p system (maybe I should have
presented it as such - and not worried if would have been
off-topic). However, when I read the "Counting Massive
Multi-Players" thread I just thought "Hey, maybe that scheme of mine
would work for players too?" But, the automatic black-list idea
doesn't work so well. It's easier to caution user against allowing a
backedup PC to become a participant than it is to caution players
against logging in on one computer before logging out on another.

Sorry for the hasty reworking of the idea to players.

Instead of auto-blacklisting, I guess you'd just check against
simultaneous play, i.e. the player has the choice of A: "Silly me, I
forgot to log out on my home machine" or B: "Oh dear, someone's
hacked my password - I'll request the player blacklisted", or C:
"That'll be Barney - I'll ring him up and tell him to quit cos it's
my turn".

Essentially my original problem was this:

  1) There is no central server

  2) There are millions of computers

  3) Each one needs to be identifiable (it should be easy for any
  computer to check the ID of any other computer)

  4) Some computers will be malicious

  5) A good computer needs to be inclined toward maintaining the
  same ID

  6) Bandwidth is precious

NB It is possible to detect simultaneous ID use, and this can
indicate an abnormal/undesired situation.
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev

More information about the mud-dev-archive mailing list