[MUD-Dev] strong encryption for authentication

Ben Tolputt bjt at pmp.com.au
Fri Jul 20 13:01:50 New Zealand Standard Time 2001

Caliban Tiresias Darklock quoted on Sunday, July 15, 2001

> You underestimate the level to which my system permits and
> encourages players to betray and take advantage of one another. ;)

> I think the failure in most PvP games is their assumption that
> people will play fair, and their insistence upon trying to FORCE
> them to play fair. Assume your players will cheat, and design
> around it. Those who don't cheat will be at a disadvantage, but
> they know that going in.

I agree assuming how players intend to play the game (be it fairly
or cheating) is not the best way to design a game. In my case
though, I'm not assuming that all players can cheat - and as such I
want to 'try' and level the playing field.

> Security through obscurity is no security at all. Assume everyone
> knows the content of every byte in every packet you send them, and
> if you don't want them to know it, don't put it in the packet. If
> the packet ends up empty, don't send it.

Something I agree with, however this poses problems for games such
as EQ where the client needs to know about what types (and
'possibly' the position) of avatars/monsters are in a zone so that
it can load the appropriate graphics.

It is cases like this where I think that encryption is a good

> There are in-game facilities for that, too. Chances are this will
> significantly cut down on the number of "private" discussions that
> get held in the first place.

Why should people not be allowed to conduct 'private' discussions
online? People don't like being eavesdropped upon when their out in
the park. It's obviously a public place. I wouldn't promise bullet-
proof security (I'd be a complete idiot if I did), but if a modicum
of security thru encryption can make players feel more comfortable -
it won't reflect badly on the game.

> How does encryption stop sexual harassment or denial of service?
> Impersonating an admin, well... if you can do that with packets,
> your protocol's probably broken.

I too would like to know how encryption would stop harrasment and
DOS attacks. As far as I can tell - encryption serves only to
preserve the anonymity of both data and player - harrasment WILL
occur regradless of this, and DOS attacks use the player's IP
address - something you can't encrypt

MUD-Dev mailing list
MUD-Dev at kanga.nu

More information about the MUD-Dev mailing list