- Joined
- Jul 10, 2007
- Messages
- 6,306
So, I designed a small save/load system for a friend recently. He told me that his code had been cracked by someone and he asked me to make a code with some security that would be nigh uncrackable.
So, the first thing I decided to do was generate a mostly unique checksum for each player based on the player name and a password. I decided to add a a password to scrambling too. These passwords are just added on to the player name (salt).
Then I hashed and took the absolute value of the hash and divided the checksum one by 62 (division to avoid overflow when multiplying in).
So now every single player had a pretty unique scrambler and pretty unique checksum.
Another method would be to have a checksum min and max, like 2394353-9524378
What I'd do is take hash%(max-min)+min and get rid of the divide by 62.
Let's try it with something like a hash of 1529586364
1529586364%7130025=3761014+2394353=6155367
These MIN_MAX values ensures that players will have checksums between a range of values (not too big (long codes) and not too small (not secure).
So you can possibly expect an Encoder 3 that will take these new security measures. I will also update Encoder 2 to use the password values, but I obviously can't change the checksum styles as that's not compatible with 3 =).
Another Look at the Proof of the Power of Scrambling
Keep in mind that this demonstration scrambles in base 10. Scrambling is normally done in binary, meaning that the changes are much more drastic. Also keep in mind that the first bit is not normally scrambled in since that would just mean that it could possibly be replaced with a 0 (that's never good). 01 -> 1, lol, don't want to get a 0 in front ^)^.
Value in base 36 (a-z)- 4LMOZR
Comparison-
21I3V9
4LMOZR
So, the first thing I decided to do was generate a mostly unique checksum for each player based on the player name and a password. I decided to add a a password to scrambling too. These passwords are just added on to the player name (salt).
JASS:
private constant string CHECKSUM_PASS = "~9g/y*a\\" //makes it impossible to get checksum with JASS w/o this code
private constant string SCRAMBLER_PASS = "d0l\\!`l+35-t" //makes it impossible to descramble via JASS w/o this codeThen I hashed and took the absolute value of the hash and divided the checksum one by 62 (division to avoid overflow when multiplying in).
So now every single player had a pretty unique scrambler and pretty unique checksum.
Another method would be to have a checksum min and max, like 2394353-9524378
What I'd do is take hash%(max-min)+min and get rid of the divide by 62.
Let's try it with something like a hash of 1529586364
1529586364%7130025=3761014+2394353=6155367
These MIN_MAX values ensures that players will have checksums between a range of values (not too big (long codes) and not too small (not secure).
So you can possibly expect an Encoder 3 that will take these new security measures. I will also update Encoder 2 to use the password values, but I obviously can't change the checksum styles as that's not compatible with 3 =).
Another Look at the Proof of the Power of Scrambling
Keep in mind that this demonstration scrambles in base 10. Scrambling is normally done in binary, meaning that the changes are much more drastic. Also keep in mind that the first bit is not normally scrambled in since that would just mean that it could possibly be replaced with a 0 (that's never good). 01 -> 1, lol, don't want to get a 0 in front ^)^.
Code:
Value- 123456789
Value in base 36 (a-z)- 21I3V9
Scrambling Key- 135
1,1
213456789
2,3
253416789
3,5
258416739
4,1
258146739
5,3
258136749
6,5
268135749
7,1
268135479
8,3
278135469
9,5
278195463Value in base 36 (a-z)- 4LMOZR
Comparison-
21I3V9
4LMOZR
Last edited:
Keep up the good work.
