Codes for the hosts

Ideas and suggestions for how to improve the Warzone 2100 base game only. Ideas for mods go in Mapping/Modding instead. Read sticky posts first!
Post Reply
User avatar
NoQ
Special
Special
Posts: 6226
Joined: 24 Dec 2009, 11:35
Location: /var/zone

Codes for the hosts

Post by NoQ » 18 Jul 2012, 18:43

People who regularly host games in the lobby without pre-arranging and are afraid of their room being faked by some other person might like such feature.

When the game name is entered by the host as "Blah Blah Blah!Some Secret Code", the lobbyserver should display it like this: "Blah Blah Blah!Secret Code's Hash", and it should be displayed in the game setup window in a similar way for all clients. The hash should probably be written in a different color. The hash is calculated for the code only. Other clients should not ever receive the code, but only its hash.

Thus, unless you know the code, you can't host a game with the same name and the same hash. If the hash is compact enough to fit the interface (it should use as many different characters as possible), and hard enough to decrypt, this allows to avoid name faking for the hosts. On the other hand, this doesn't require forum credentials to be entered or stored, unlike the previous method.

Not sure this requires any support at all on the game code side (this boils down to: does the client receive the game name from the lobbyserver or from the host when he already joined the game?), but if it does require changes on the game side after all, than probably 2.3 users should somehow be warned not to use this feature on 2.3 to make sure their code isn't posted.

Paul
Trained
Trained
Posts: 51
Joined: 09 Jun 2012, 05:07

Re: Codes for the hosts

Post by Paul » 18 Jul 2012, 19:18

is secret code the same thing as a password?

User avatar
Giani
Regular
Regular
Posts: 804
Joined: 23 Aug 2011, 22:42
Location: Argentina

Re: Codes for the hosts

Post by Giani » 18 Jul 2012, 22:26

Paul wrote:is secret code the same thing as a password?
No.

The code is for when "accidentaly" you host more than one game with the same name and all that? (I mean like this: viewtopic.php?f=4&t=9603 )
My maps: http://forums.wz2100.net/viewtopic.php?f=10&t=9501

Per
Warzone 2100 Team Member
Warzone 2100 Team Member
Posts: 3777
Joined: 03 Aug 2006, 19:39

Re: Codes for the hosts

Post by Per » 19 Jul 2012, 02:08

Isn't what you really want user accounts with login and the ability to invite players by username? Like battle.net?

(We were almost there a while ago, but we had to revert the feature since it wasn't quite secure enough.)

User avatar
NoQ
Special
Special
Posts: 6226
Joined: 24 Dec 2009, 11:35
Location: /var/zone

Re: Codes for the hosts

Post by NoQ » 19 Jul 2012, 04:09

Paul: no. This sort of code doesn't forbid joining the games.
Giani: no. Code is part of the name, so duplicate rooms will still appear. But it makes sure nobody else will host a room with that name while wearing your name even if he wants.
Per: sure do want! But this one is probably more secure (at least it doesn't put forum passwords at risk) and probably more trivial to implement.

T_X
New user
Posts: 5
Joined: 02 Nov 2011, 10:02

Re: Codes for the hosts

Post by T_X » 20 Jul 2012, 20:29

That suggestion sounds neat! No need for a central database and no need for complex public-private key crypto either when the lobby server is used as a trusted hashing entity as you suggest.

It could even be used for general user and not only host authentication, couldn't it?

Just one concern about user-friendliness: I suppose most players won't have a clue about hashes and it might make it "confusing" to display such a cryptic hash in the GUI. The difference between a game password and an authentication secret won't be intuitive for most people.

Hmm, what I'm currently wondering is whether something like a more visual representation of the hash might make sense (the "VisualHostKey" option in ssh made me think of that): Display the hash as a radar with dots, to verify the "location" of the other user as a mouse-over effect over any user name for instance.

Also, having to think about a secret seems unnecessary, why not letting the client code spit out a random secret by default on first boot with an editable text field (to allow reverting back to an old identity). And a "New Identity" or "New Authentication Token" button next to it to generate a new random secret, maybe?

User avatar
NoQ
Special
Special
Posts: 6226
Joined: 24 Dec 2009, 11:35
Location: /var/zone

Re: Codes for the hosts

Post by NoQ » 20 Jul 2012, 20:37

It could even be used for general user and not only host authentication, couldn't it?
Not really. It won't work until a trusted machine (eg. a lobbyserver) does the encryption part. Otherwise it is either easy to modify the client to provide any fake hash you want instead of an encrypted code, or easy to find out the code on the other side.
I suppose most players won't have a clue about hashes and it might make it "confusing" to display such a cryptic hash in the GUI.
People who host regularly will eventually find out and then explain to everybody who asks, i guess ...

Post Reply