[messages] [Module Design] Re: Restricting Edit Module Access?
uckelman at nomic.net
Mon Nov 1 15:07:47 MST 2010
Thus spake Thomas Russ:
> On Nov 1, 2010, at 12:42 PM, Tim M wrote:
> > Also a right click on the players name info after they synchronize
> > should reveal the same module CRC as what you are using. Anything
> > different and its not the same.
> Of course, this isn't foolproof either, since you are ultimately
> relying on the Vassal program on their computer to report this CRC.
> With a custom Vassal running you can make this be whatever you want.
> It does up the effort threshold a little bit, in that they would have
> to modify and compile their own very special version of Vassal.
In the long run, the way I plan to handle this is using public-key
cryptography. Essentially, you have a key pair for each player, and
then a key pair for each "view". Game data visible for a view is
encrypted with the view's public key. The private key of a view is
encrypted with the public key of each player who has access to the
view. In order to get the total game data available to you, you
decrypt all of the private keys of the views you have, then use those
to decrypt all the view data you can, then merge all the view data you
With a system like this, I'd be confident that nobody was cheating
by getting information they shouldn't have, even if I were playing
against professional cryptanalysts.
But, this is a long way of at present.
Checking the CRC is a good idea, for now.
More information about the messages