how do we do this?identity: Give players unique unspoofable player IDs.
Players generate private keys (stored in the .sta files). Replies to NET_PING are now signed, so if the ping of a
player is not ∞, and you recognise the player ID of the player, then you know the ping is from the same player as
before.
how do we generate a key for unspoofable player IDs?
how do we generate a key for unspoofable player IDs?
-
- Regular
- Posts: 678
- Joined: 29 Jul 2009, 18:01
Re: how do we generate a key for unspoofable player IDs?
simplest is to create it the first time the game starts up. Just create a random string base on current time and some other factor. Depending on the length of the string you may never run across the same string twice.
I think the real question is how can keep other players from getting access to the packet the ID and is in and then injecting that ID into other packets to keep spoofing .
One way is to encrypt the data packets. May not work so well though with an open source project though...
Another is to break the string into 4 byte sections (if its a char string) and mix the ID in with the rest of the data.
I think the real question is how can keep other players from getting access to the packet the ID and is in and then injecting that ID into other packets to keep spoofing .
One way is to encrypt the data packets. May not work so well though with an open source project though...
Another is to break the string into 4 byte sections (if its a char string) and mix the ID in with the rest of the data.
Re: how do we generate a key for unspoofable player IDs?
The private&public key is generated as soon as you use a name for the first time.Lord Apocalypse wrote:simplest is to create it the first time the game starts up. Just create a random string base on current time and some other factor. Depending on the length of the string you may never run across the same string twice.
The public key is the ID, and other players are supposed to have access to it. The ping reply packets are signed, so if someone spoofs the ID, the player appears permanently dark red with ∞ ping.Lord Apocalypse wrote:I think the real question is how can keep other players from getting access to the packet the ID and is in and then injecting that ID into other packets to keep spoofing .
Wouldn't help, but the ID is supposed to be public, anyway.Lord Apocalypse wrote:One way is to encrypt the data packets. May not work so well though with an open source project though...
Another is to break the string into 4 byte sections (if its a char string) and mix the ID in with the rest of the data.