how do we generate a key for unspoofable player IDs?

Discuss the future of Warzone 2100 with us.
Post Reply
Originway
Trained
Trained
Posts: 412
Joined: 08 Aug 2012, 06:22

how do we generate a key for unspoofable player IDs?

Post by Originway »

identity: Give players unique unspoofable player IDs.

Players generate private keys (stored in the .sta files). Replies to NET_PING are now signed, so if the ping of a
player is not ∞, and you recognise the player ID of the player, then you know the ping is from the same player as
before.
how do we do this?
Lord Apocalypse
Regular
Regular
Posts: 678
Joined: 29 Jul 2009, 18:01

Re: how do we generate a key for unspoofable player IDs?

Post by Lord Apocalypse »

simplest is to create it the first time the game starts up. Just create a random string base on current time and some other factor. Depending on the length of the string you may never run across the same string twice.

I think the real question is how can keep other players from getting access to the packet the ID and is in and then injecting that ID into other packets to keep spoofing .

One way is to encrypt the data packets. May not work so well though with an open source project though...

Another is to break the string into 4 byte sections (if its a char string) and mix the ID in with the rest of the data.
Cyp
Evitcani
Evitcani
Posts: 784
Joined: 17 Jan 2010, 23:35

Re: how do we generate a key for unspoofable player IDs?

Post by Cyp »

Lord Apocalypse wrote:simplest is to create it the first time the game starts up. Just create a random string base on current time and some other factor. Depending on the length of the string you may never run across the same string twice.
The private&public key is generated as soon as you use a name for the first time.
Lord Apocalypse wrote:I think the real question is how can keep other players from getting access to the packet the ID and is in and then injecting that ID into other packets to keep spoofing .
The public key is the ID, and other players are supposed to have access to it. The ping reply packets are signed, so if someone spoofs the ID, the player appears permanently dark red with ∞ ping.
Lord Apocalypse wrote:One way is to encrypt the data packets. May not work so well though with an open source project though...

Another is to break the string into 4 byte sections (if its a char string) and mix the ID in with the rest of the data.
Wouldn't help, but the ID is supposed to be public, anyway.
Post Reply