Results 1 to 5 of 5
Thread: Client-side authentiation
Enjoy an ad free experience by logging in. Not a member yet? Register.
- Join Date
- Sep 2008
My topic is not strictly related to linux, but I still turn to this forum in hope to get some insight.
I know they say in security contexts "never trust the client". I am in a situation where I think I might have to:
I am making a game (for Android) and I want people to be able to upload high-scores. How would I go about making sure the high scores cannot be tampered with?
I though about making the client (my game) do some hashing with a key, but since it's actually ran on the phone I guess it can always be cracked - correct?
Are there any known methods for attacking such problems? The anti-cheat systems used in larger games seem just a little over-kill...
If you don't trust the client, well, then you can't trust them. Really, you can't.
Public key encryption only help you to make sure the client is who he pretends to be.
But this does not make it impossible to lie. (Maybe it makes it less likely though. Who wants to become known as untrustworthy?)
You see, this issue is more a problem to be solved on a social level rather than on a technical level.Debian GNU/Linux -- You know you want it.
- Join Date
- Sep 2008
I guess you're right
Yeah, having though about it, I guess you're right about it being a social problem. The more I think of it, more clearer it becomes that you cannot trust the client - from a technical point of view - ever.
I though about hashing the executing process and hashing that hash the the high score content. That way you'd have to be running the original client in order for it to work. But of course, if you know what's going on, you could make a new client which does the same (but hashes the original client instead of the running). Whatever ideas I come up with, there's always a way around it.
Asymmetric keys would certainly help keep track of who submitted which score - but as Gnu-Fan says, they could still submit modified scores.
I guess I will do something simple, just to make cheating impractical - and just double-check that my high-scores don't have any bugs instead!
Thanks for the in-sights!
Well I know about that issue as I RCE a lot of Code that use Asymmentric code for my job. But its a thing that keeps people away..
But yea what you can do.. and is mostlikey the best way is make a 'server' for Highscore play Where the client only draws and accepts input.. But that might not be exactly what you want / can afford.
Or use ways MMORPGs work.. with Memory Matching etc and just making it to 'complex' for skiddies to cheat. And therefor reduce cheaters.. =)
Hope I still helped you a bit