
Codes for the hosts

Posted: 18 Jul 2012, 18:43
by NoQ
People who regularly host games in the lobby without pre-arranging and are afraid of their room being faked by some other person might like such a feature.

When the game name is entered by the host as "Blah Blah Blah!Some Secret Code", the lobbyserver should display it like this: "Blah Blah Blah!Secret Code's Hash", and it should be displayed in the game setup window in a similar way for all clients. The hash should probably be written in a different color. The hash is calculated for the code only. Other clients should not ever receive the code, but only its hash.

Thus, unless you know the code, you can't host a game with the same name and the same hash. If the hash is compact enough to fit the interface (it should use as many different characters as possible), and hard enough to decrypt, this allows avoiding name faking for the hosts. On the other hand, this doesn't require forum credentials to be entered or stored, unlike the previous method.

Not sure this requires any support at all on the game code side (this boils down to: does the client receive the game name from the lobbyserver or from the host when he already joined the game?), but if it does require changes on the game side after all, then probably 2.3 users should somehow be warned not to use this feature on 2.3 to make sure their code isn't posted.
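
A sketch of the lobby-server side of the scheme proposed in the post above, added here as an example; it is not part of the original thread or of the game's code. It assumes the submitted name is split at the first "!", and it uses a truncated HMAC-SHA256 under a server-only key in place of a plain hash, so a short code cannot be guessed offline from the displayed tag (`SERVER_KEY`, `code_tag` and `public_game_name` are hypothetical names).

```python
import base64
import hashlib
import hmac

# Assumption: a key known only to the lobby server (constructed sample value).
SERVER_KEY = b"constructed-sample-lobby-key"
SEPARATOR = "!"  # from the post: "Name!Code"
TAG_BYTES = 6    # assumption: 6 bytes -> 8 base64url characters in the room list


def code_tag(code: str, key: bytes = SERVER_KEY) -> str:
    """Compact keyed tag computed over the host's secret code only."""
    mac = hmac.new(key, code.encode("utf-8"), hashlib.sha256).digest()
    # base64url uses 64 distinct characters and never emits the separator.
    return base64.urlsafe_b64encode(mac[:TAG_BYTES]).decode("ascii")


def public_game_name(submitted: str, key: bytes = SERVER_KEY) -> str:
    """Name the lobby server publishes for a host-submitted game name.

    Everything after the first separator is treated as the code and is
    always replaced by its tag, so the code never reaches other clients
    and a host cannot submit a ready-made "Name!Tag" string.
    """
    name, sep, code = submitted.partition(SEPARATOR)
    if not sep or not code:
        return name  # no code supplied: publish the plain name, no tag
    return name + SEPARATOR + code_tag(code, key)


if __name__ == "__main__":
    shown = public_game_name("Blah Blah Blah!Some Secret Code")
    print("genuine host :", shown)
    # A wrong guess at the code, and a replay of the displayed name itself,
    # both produce a different tag from the genuine one.
    print("wrong code   :", public_game_name("Blah Blah Blah!guess"))
    print("replayed name:", public_game_name(shown))
```
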

Re: Codes for the hosts

Posted: 18 Jul 2012, 19:18
by Paul
Is secret code the same thing as a password?

Re: Codes for the hosts

Posted: 18 Jul 2012, 22:26
by Giani
Paul wrote: is secret code the same thing as a password?
No.

The code is for when "accidentally" you host more than one game with the same name and all that? (I mean like this: viewtopic.php?f=4&t=9603 )

Re: Codes for the hosts

Posted: 19 Jul 2012, 02:08
by Per
Isn't what you really want user accounts with login and the ability to invite players by username? Like battle.net?

(We were almost there a while ago, but we had to revert the feature since it wasn't quite secure enough.)

Re: Codes for the hosts

Posted: 19 Jul 2012, 04:09
by NoQ
Paul: no. This sort of code doesn't forbid joining the games.
Giani: no. Code is part of the name, so duplicate rooms will still appear. But it makes sure nobody else will host a room with that name while wearing your name even if he wants.
Per: sure do want! But this one is probably more secure (at least it doesn't put forum passwords at risk) and probably more trivial to implement.

Re: Codes for the hosts

Posted: 20 Jul 2012, 20:29
by T_X
That suggestion sounds neat! No need for a central database and no need for complex public-private key crypto either when the lobby server is used as a trusted hashing entity as you suggest.

It could even be used for general user and not only host authentication, couldn't it?

Just one concern about user-friendliness: I suppose most players won't have a clue about hashes and it might make it "confusing" to display such a cryptic hash in the GUI. The difference between a game password and an authentication secret won't be intuitive for most people.

Hmm, what I'm currently wondering is whether something like a more visual representation of the hash might make sense (the "VisualHostKey" option in ssh made me think of that): Display the hash as a radar with dots, to verify the "location" of the other user as a mouse-over effect over any user name for instance.

Also, having to think about a secret seems unnecessary; why not let the client code spit out a random secret by default on first boot, with an editable text field (to allow reverting back to an old identity)? And a "New Identity" or "New Authentication Token" button next to it to generate a new random secret, maybe?

Re: Codes for the hosts

Posted: 20 Jul 2012, 20:37
by NoQ
T_X wrote: It could even be used for general user and not only host authentication, couldn't it?
Not really. It won't work until a trusted machine (e.g. a lobbyserver) does the encryption part. Otherwise it is either easy to modify the client to provide any fake hash you want instead of an encrypted code, or easy to find out the code on the other side.
T_X wrote: I suppose most players won't have a clue about hashes and it might make it "confusing" to display such a cryptic hash in the GUI.
People who host regularly will eventually find out and then explain to everybody who asks, I guess ...