[MUD-Dev] strong encryption for authentication

Caliban Tiresias Darklock caliban at darklock.com
Sun Jul 15 04:51:48 CEST 2001 

On Thu, 12 Jul 2001 22:33:31 -0400, "Derek Licciardi"
<kressilac at home.com> wrote:

>> Now, ALTERING it, I have a problem with. But I tend to think
>> that's going to be a minor problem, if it ever crops up at all.

> You underestimate the level to which players will go to gain an
> advantage over someone.

You underestimate the level to which my system permits and
encourages players to betray and take advantage of one another. ;)

I think the failure in most PvP games is their assumption that
people will play fair, and their insistence upon trying to FORCE
them to play fair. Assume your players will cheat, and design around
it. Those who don't cheat will be at a disadvantage, but they know
that going in.

> ShowEQ is a great example.  People would setup second machines in
> EQ to see the packets coming in and out.  This revealed waay to
> much information about the mechanics of the game in my opinion.
> It allowed the construction of Heads Up displays that gave a
> significant PvP advantage to those using them.

Security through obscurity is no security at all. Assume everyone
knows the content of every byte in every packet you send them, and
if you don't want them to know it, don't put it in the packet. If
the packet ends up empty, don't send it.

> In a MUD proxies and such could be used to good advantage.  If lag
> is killing you while you run from place to place, proxy the
> packets in the middle out of the system using a filter. Less lag
> means less downtime.

Which is exactly why I provide an in-game facility for doing exactly
that. Of course, when something nasty happens on the way, you can
get screwed pretty royally.

> Sniffers could listen in on nearly anything said in the game and
> record it for your own usage.  This includes all administrative
> discussions as well as private player discussions.

There are in-game facilities for that, too. Chances are this will
significantly cut down on the number of "private" discussions that
get held in the first place.

> What about the possibility of someone using a sniffer/repeater to
> ruin another players experience(sexual harassment, denial of
> service, impersonating an admin)?

How does encryption stop sexual harassment or denial of service?
Impersonating an admin, well... if you can do that with packets,
your protocol's probably broken.

_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev

More information about the mud-dev-archive mailing list