[MUD-Dev] Trusting the client, encrypting data

Amanda Walker amanda at alfar.com
Thu Dec 18 13:42:25 New Zealand Daylight Time 2003

On Dec 18, 2003, at 3:36 AM, Peter Harkins wrote:

> This discussion has veered a bit into reiterating the old "don't
> trust the client", which the original poster never suggested.

Oops, you're right.  Sorry, I've been in too many "well, but if we
just encrypt it well enough..." discussions.  Apologies, everyone.

> The deal is: if you don't trust the client, can you send any data
> for things that the player shouldn't know about yet but probably
> should soon -- like what's on the other side of a door. The
> solution proposed is: symmetrically encrypt the data, and send it
> to them. Then when they need to know the data you can just send
> the key (hopefully small) instead of the data (a larger amount of
> data), reducing some delays.

Ah, yes, I see.  This will work nicely (as long as you use a new key
for each block of data).  Quite clever idea.

> Whether the server has the spare CPU for it is probably the most
> important question,

A modern gaming PC has more than sufficient CPU to do this with any
common symmetric cipher.

I suspect that the round trip time between the server deciding the
client can have the key now and actually getting it delivered might
be the real constraint.  For things that involve a pause (such as
opening a door or gate), this can probably be disguised.  For things
like coming around a hill, it might be harder, since the server may
not have an accurate idea of what the client can see synced closely
enough to real time.

Amanda Walker
MUD-Dev mailing list
MUD-Dev at kanga.nu

More information about the MUD-Dev mailing list