RA2lover
|
  |
| Joined: 09 Nov 2008 |
| Total Posts: 1254 |
|
|
| 15 May 2012 11:36 AM |
I'm trying to make a system to hand out items and other stuff for a game i'm making - from outside it.
so far the current idea is based on codes, containing information which could be used to have a player unlock items.
so far, the idea relies on base32 codes from ~20 to 100+ character length, providing encrypted info of stuff.
the code syntax right now(not final) is defined as such:
char 1 - key1 length(1 char)
char2~key1length+1 - key1(used to decrypt the rest of the info along with an external, non-public key) - 1~32 chars
end of key1 will be followed by 3 characters(flags), containing 15 bits of data which can be used to provide special instructions to the rest, like adding a specific player name to the encryption system(pretty much rendering that code useable only for that player), or other instructions related to key2.
after that, number of items to be given(1 char)
after this number, 3 chars - the 2 first ones being the item ID, the third one indicating some other thing, like the amount of items being given or duration, repeated until the end of the list with other IDs
following the item list, we'll have 3~7 characters(not defined yet) containing a timestamp(used for codes which expire for instance), followed by 2 or 3 characters(dunno yet) containing a unique ID, used for DP purposes to prevent users from redeeming the same code multiple times, along with the timestamp.
when joining the game, all timestamps in DP are checked, and deleted along with the item usage IDs, freeing those to be used later.
following the timestamp and code ID we'll have another character specifying key2's length, followed by key2. it can provide special instructions along with flags, allowing for group-only codes or similar.
then we'll have a last header character, containing a hash's length, followed by a hash for the whole unencrypted code AND key1 used to slow down or prevent code counterfeiting.
i've no idea of how (un?)secure this system is, nor how many characters people are willing to type to get something though, which is where this thread's discussion comes in. |
|
| 15 May 2012 11:38 AM |
Make sure you don't have 2 similar characters like capital i and lower case L
Use caps letters too
And add some basic symbols like * _ - . : = ? ! @ # % & / ( ) [ ] { } +
k |
|
RA2lover
|
  |
| Joined: 09 Nov 2008 |
| Total Posts: 1254 |
|
|
| 15 May 2012 11:41 AM |
it's base32...
you can't have this many characters. the plan involves currently having the characters going from 0~9 then from A~V.
thanks for reminding me of case issues though - i think this can be solved easily by using :upper() though |
|
RA2lover
|
  |
| Joined: 09 Nov 2008 |
| Total Posts: 1254 |
|
|
| 15 May 2012 11:43 AM |
| i'm using thoroughly though though. |
|
| 15 May 2012 11:44 AM |
nnonono
i mean, use both lower and upper case letters, but don't use both of lower-case-L and upper-case-i and stoof
Why does it need to be base 32 y not base 61½ |
|
RA2lover
|
  |
| Joined: 09 Nov 2008 |
| Total Posts: 1254 |
|
|
| 15 May 2012 11:56 AM |
| easier to decrypt, define flags, and such |
|
| 15 May 2012 02:41 PM |
why not just have an SQL database keeping track of who has what and then the client requests a list of their items?
that way hackers won't be validated by peers and can be detected
providing I understand what you mean |
|
| 15 May 2012 03:32 PM |
Join The European Armed Forces a group rapidly growing. Do not miss your chance to be an HR and end up regretting it http://www.roblox.com/My/Groups.aspx?gid=261239 OWNED BY IPOFALLSFLAT |
|
| 15 May 2012 03:35 PM |
@xxbroken
Enjoy your ban for spamming with useless group advertising rubbish |
|
| 15 May 2012 04:40 PM |
| Why not just use badges? You can know if a user owns any badge from any place no matter whether the badge has anything to do with the place. |
|
Quenty
|
  |
| Joined: 03 Sep 2009 |
| Total Posts: 9316 |
|
|
| 15 May 2012 04:42 PM |
^^^^
Furthermore, if you must use codes, make them one time use (Or tell them that is so), and lock it to a certain userID.
:D |
|
RA2lover
|
  |
| Joined: 09 Nov 2008 |
| Total Posts: 1254 |
|
|
| 15 May 2012 05:55 PM |
"why not just have an SQL database keeping track of who has what and then the client requests a list of their items?"-trappingnoobs
i'm pretty sure i won't need all of this. A JSON-encoded table containing items owned by that player along with their expiration time(or uses left) should probably be enough for my purposes. also, i'm pretty sure we're not really supposed to access an external database - and if it's possible, it would probably be patched soon.
also, i'm not really willing to pay for hosting that. 45kb of DP are enough.
"Why not just use badges? You can know if a user owns any badge from any place no matter whether the badge has anything to do with the place."-JulienDethurens
badges cost to create(both in BC and robux), and only carry a one-time-write boolean value - that is simply not enough data.
"Furthermore, if you must use codes, make them one time use (Or tell them that is so), and lock it to a certain userID."-Quenty
which is exactly what key2 and code ID are for. i took that in mind when designing the system.
|
|
LXDE
|
  |
| Joined: 19 Apr 2012 |
| Total Posts: 456 |
|
|
| 15 May 2012 07:25 PM |
Just create some sort of algorithm that generates random codes using a certain set of rules.
That's how companies make registration codes for programs.
That's also how pirates make keygens. |
|
RA2lover
|
  |
| Joined: 09 Nov 2008 |
| Total Posts: 1254 |
|
|
| 16 May 2012 11:09 AM |
you could simply input a random hashlength/key1 to "randomize" the code.
here the system must provide multiple types of data, instead of a simple mechanism to check for a true/false(the usual "is a valid key?" value). |
|
| 16 May 2012 11:38 AM |
| y u no base 64 then. Should be as simple as 32. |
|
RA2lover
|
  |
| Joined: 09 Nov 2008 |
| Total Posts: 1254 |
|
|
| 16 May 2012 02:54 PM |
| base64 would mean i'd only have 62 useful characters - having not one but two special characters would be rather confusing. also, case sensitiveness would still drive players crazy. |
|
RA2lover
|
  |
| Joined: 09 Nov 2008 |
| Total Posts: 1254 |
|
| |
|
Quenty
|
  |
| Joined: 03 Sep 2009 |
| Total Posts: 9316 |
|
|
| 18 May 2012 01:29 AM |
You see, there's no external database, therefore, it's impossible to secure your promotional system completely.
Furthermore, players can randomly generate their keys, if they know the method you are using.
I suggest squaring a few numbers here and there, and generally finding methods that are easy one way, but hard without knowing something specific, like 2 numbers that have to be added together to get the number that results in that square, or whatever.
|
|
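Added example, not code from any poster in this thread: a sketch of the code format from the first post (0~9/A~V alphabet, item ID, amount, timestamp, one-time code ID) combined with Quenty's advice to lock each code to a userID and to rely on something that is easy to compute only with a secret. It assumes HMAC-SHA256 as that keyed "hash", authenticates the fields rather than encrypting them, and is written in Python for illustration rather than as an in-game script; `SECRET`, `issue`, `redeem`, the field widths and the sample values are all constructed for the example.

```python
import hashlib, hmac, struct

ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUV"  # 0~9 then A~V, as in the thread
SECRET = b"constructed-demo-secret"  # assumption: known only to issuer and server script
FMT = ">IHHB"    # expiry (unix seconds), code ID, item ID, amount = 9 bytes
TAG_LEN = 11     # truncated HMAC-SHA256; 9 + 11 bytes = 160 bits
CODE_LEN = 32    # 160 bits at 5 bits per character

def b32_encode(data):
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 5)
    return "".join(ALPHABET[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))

def b32_decode(text):
    bits = "".join(f"{ALPHABET.index(c):05b}" for c in text)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits) - 7, 8))

def _tag(payload, user_id):
    # The user ID is mixed into the MAC instead of being stored in the code,
    # so a code verifies only for the player it was issued to.
    msg = payload + struct.pack(">Q", user_id)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:TAG_LEN]

def issue(user_id, item_id, amount, expiry, code_id):
    payload = struct.pack(FMT, expiry, code_id, item_id, amount)
    return b32_encode(payload + _tag(payload, user_id))

def redeem(code, user_id, now, used_ids):
    """Return (True, (item_id, amount)) or (False, reason)."""
    text = code.strip().upper()  # typed input is case-insensitive
    if len(text) != CODE_LEN or any(c not in ALPHABET for c in text):
        return False, "malformed"
    raw = b32_decode(text)
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(payload, user_id)):
        return False, "bad tag"  # forged, altered, or issued to another player
    expiry, code_id, item_id, amount = struct.unpack(FMT, payload)
    if now > expiry:
        return False, "expired"
    if code_id in used_ids:
        return False, "already redeemed"
    used_ids.add(code_id)  # stands in for the player's saved data
    return True, (item_id, amount)

if __name__ == "__main__":
    used = set()  # constructed sample values below
    code = issue(user_id=1234, item_id=7, amount=3, expiry=2000, code_id=42)
    print(code, redeem(code.lower(), 1234, now=1000, used_ids=used))
```

Knowing the layout is not enough to generate a valid code; the tag can only be computed with `SECRET`, so the scheme is as strong as that key's secrecy.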