[MUD-Dev] Re: Trusting the Client (Re: Laws of Online World Design)

J C Lawrence claw at under.engr.sgi.com
Wed Oct 14 10:33:07 New Zealand Daylight Time 1998


On Wed, 14 Oct 1998 01:03:42 -0700 
Jon Leonard<jleonard at divcom.slimy.com> wrote:

> On Mon, Oct 12, 1998 at 11:33:44PM -0700, mark at erdos.Stanford.EDU
> wrote:

>> 1. When Bubba enters the room, the entire room state (including
>> Boffo) is downloaded to his client, along with a random number
>> seed.

> The random number seed is something you'd really rather keep
> secret.  If a (sufficiently skilled at breaking code) player can
> see your random numbers, they can implement conditional code like
> "attack the monster only if I can kill it" or "open the chest only
> if the trap doesn't trigger".

> You really need to force the client to commit state to the server
> every time it wants a random number.  (If unrealistic luck is a
> problem.)

One could alter this to:

  1) Computation is done on the client.

  2) All random numbers for all computations originate fromthe
server.

  3) Cross-check consistancy statements for all computations are
sent to the server from the client for all data commits for
veracity checking.

Is it absolutely secure?  No.  It is tighter however.

--
J C Lawrence                               Internet: claw at null.net
(Contractor)                               Internet: coder at ibm.net
---------(*)                     Internet: claw at under.engr.sgi.com
...Honourary Member of Clan McFud -- Teamer's Avenging Monolith...




More information about the MUD-Dev mailing list