Wednesday, August 4, 2010

Encryption For Competition

Tonight i started on encrypting my save game data. The reason i need to encrypt it is so i can  run a competition or two when my new game A Shooter comes out. I want to run a  few competitions based on the score that people can achieve. so rewarding the best players (or most dedicated). However i know people will cheat when there is a prize on the line.

So i worked out what algorythm i will use to encrypt the data, but i am a little disconcerted at this point. Ya see, it doesn't matter how much time i put into encrypting the data, it will always be crackable. There are several well known and documented ways to do this and all of them will work given enough time and dedication. So the question is, just how robust will it be? I know that it is only going to be an Xblig game, so will probably be overlooked by many people. Though i know some people will regard it as more of a challenge than actualy playing my game. Once cracked of course the unscrupulous hacker can insert any score he feels like.

So what do i do? How long do i spend on this, how many layers of self and extra checking should i put into it? I certainly don't have the answer at the moment. Needless to say, if i get to run a top score competition, then i will need to feel it has some level of validity.



  1. Yeah, just put in the rule that only non-cheaters are allowed to join :P.

    But actually, algorithms using a certain length key will take a certain average length of time to crack given a realistic amount of computing power. With current technology there's always the chance someone will be lucky with a guess and get it right away, but it's a negligible chance. So you could use that time frame so that you know in all likelyhood your saves won't be cracked for X number of years, then you can feel pretty safe for your competition.

    With game security, there are a few places people go wrong, and it's usually not too much of an issue. But if you want to be really secure, I have two tips:

    1. Use a computer generated and very long encryption key. Even though the best a computer can manage is psuedo random at best, it's still usually better than any pass phrase a person will generate. And you can copy paste this key, so keep it quite long. Keep that key secure. Also, when storing it in the game code, store it in pieces so it's not just sitting there for anyone with a hex editor to find.

    2. Don't store save data in expected ways. For instance, don't store a string the player would expect to see in a save file (like their user name/character name/current level name) in a single piece. That gives a cracker something to look for in their answer and if nothing else makes it easier to automatically tell if they have found the correct solution (at worst it gives them a before and after to derive the key from).

    Your save files are probably pretty short, yeah? That actually helps too, the less they have to go on the harder it is to crack. Of course with saves, people get around that to some extent by creating multiple saves to work from. That is one reason I don't recommend including a common signature in saves though, it gives a cracker something to compare against.

    If you've found a prize though that's worth the effort it would take to break even standard encryption, you're doing an excellent job :).

    Best of luck!

  2. The Prize is certainly worth the effort, a Sorcerygames T-Shirt and probably Hats to go along with that. I dunno just yet :O

    Nice comments, and i agree with what ya said.

    Da Voodoochief