[MUD-Dev] Trusting the client, encrypting data

Paul Schwanz pschwanz at comcast.net
Thu Jan 8 10:50:23 CET 2004

Sean Middleditch wrote:
> On Thu, 2003-12-18 at 05:52, Ola Fosheim Grøstad wrote:
>> Sean Middleditch <elanthis at awesomeplay.com> writes:

>>> It isn't necessary to break any keys.  The key and decryption
>>> method are sitting right on the user's hard-disk, in the game
>>> binary.  And all the data is stored unencrypted somewhere (be it
>>> on disk or in memory) since it has to actually be used.

>> No, the user does not have access to the key when he receives the
>> encrypted data. That's the point.

> It doesn't work that way.  The information (code, and keys) needed
> to decrypt the data are quite obviously somewhere accessible to
> the user, be it in the game binary, installed data files, or data
> on the CD.  The user might have to do some work to find the
> key/code, but it's there. Otherwise, you're sending a bunch of
> data to a game client that can't possibly use it.

Exactly.  But then you don't want the client to be able to use it,
since the character shouldn't "know" the data yet.  But when you
reach the point where the character should know the data, all you
have to do is send the key instead of sending all the data.  Up
until that point, the key is not accessible to the user, because it
is still held on the server.

MUD-Dev mailing list
MUD-Dev at kanga.nu

More information about the mud-dev-archive mailing list