A friend tried to explain the md5 byond proc thing to me, but failed lol. (sorry Verm)
But anyways, could someone show me an example of how you would use hashing for savefiles?
ID:158729
Jul 8 2009, 8:14 pm
Generally when people speak of savefile hashing they mean storing a value inside of the savefile that is a combination of variable values passed through md5(). This way if someone edits a variable in the file the same process will create a different hash when they load the file and you run it through the same process.
So checking the saved hash against the valid hash will result in an inconsistency and you'll know the file is not valid.
In response to Nadrew
Wow, that was THE most complicated way of explaining it possible.
var/hashed
I would comment, but I'm not feeling too well =(
No, what I wanted to do originally was use my shell as a central save server, but that didn't turn out well, so someone suggested Client Side Saving, so I said no because the savefiles are editable, and they said something about md5 and hashing.
In response to Ganing
Basically, the purpose is to save some combination of the data in a savefile in an additional location, in order to verify that it was not modified. As a simple example:
mob

Now, obviously, this isn't particularly secure, because they can modify that levelcheck entry just as easily as they could modify the level entry. This is where the md5() proc comes in. Quite simply, it turns a text string into a mess. So, for example, if we were to call md5("1"), we'd get "c4ca4238a0b923820dcc509a6f75849b". md5("2"), however, gives us "c81e728d9d4c2f636f067f89cc14862c". So now, we can store THAT in the levelcheck entry in the savefile, and check if F["level"] still hashes to the same thing. Somebody editing the file won't know what that mess of characters means, and the hash only goes one way (it's not possible to reverse the process and get "1" out of "c4ca4238a0b923820dcc509a6f75849b").

Of course, everybody else has that md5() proc as well, so a savvy cheater might just change their level to 100 and the levelcheck entry to md5("100"). So, one more bit of trickery is involved: you have to give md5() your own combination of variables and text. So, for example, "[level],[name],balrglhargl,[experience]". A player would then need to know what that string is in order to edit that hash properly, and they would need to edit that hash for the savefile to be accepted. So, what we'd have would look like this:

mob

Note that the hash only protects variables which are included in the hash. So, in that example, a player would not be able to modify level, name, or experience without the savefile being rejected. However, they could easily modify gender, because they wouldn't need to change the hash.

And on a final note: you should also be encoding the entire savefile in some reversible process (which is not a hash). It's a rather important security measure, and you should be able to find a library that can do that.

[edit] Oh, right. Probably the best thing to do is for your hash to start with md5(F), which will give a hash based on your entire savefile. Then, take THAT hash, and run it through md5() again, with some other chunks of text tossed on there which will serve as your "password".
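The check described in the post above (a hash over "[level],[name],<secret text>,[experience]" stored next to the values), written out as an added example; it is not code from the thread or from any poster. SAVE_SECRET, SaveHash, SaveTo, LoadFrom and the "check" entry name are hypothetical, and the secret shown is the post's sample text used as a placeholder.

```dm
// Added example. SAVE_SECRET, SaveHash, SaveTo, LoadFrom and "check" are
// hypothetical names. Replace the placeholder with your own long random text
// and keep it only in the server's code.
#define SAVE_SECRET "balrglhargl"

mob
    var/level = 1
    var/experience = 0

    // Hash over the protected values plus the secret text.
    proc/SaveHash(lvl, nm, xp)
        return md5("[lvl],[nm],[SAVE_SECRET],[xp]")

    // Write the values and their hash into an already opened savefile.
    proc/SaveTo(savefile/F)
        F["level"] << level
        F["name"] << name
        F["experience"] << experience
        F["check"] << SaveHash(level, name, experience)

    // Returns 1 and applies the values if the file verifies, 0 otherwise.
    proc/LoadFrom(savefile/F)
        var/lvl
        var/nm
        var/xp
        var/check
        // Read into temporaries so nothing from an edited file reaches the mob.
        F["level"] >> lvl
        F["name"] >> nm
        F["experience"] >> xp
        F["check"] >> check
        // Reject missing or wrong-typed entries before hashing. Numeric level
        // and experience also keep the comma-separated string unambiguous.
        if(!isnum(lvl) || !isnum(xp) || !istext(nm) || !istext(check))
            return 0
        // Recompute the hash from what was read and compare with the stored one.
        if(check != SaveHash(lvl, nm, xp))
            return 0
        level = lvl
        name = nm
        experience = xp
        return 1
```

As the post notes, only the values fed into SaveHash are covered; any other entry in the savefile can still be edited without the check failing.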
Here's an example of how you could use it
mob
    var/Password="Blah"
    verb/Set_Password(var/Pass as text)
        // Store only the md5 hash of the password, never the text itself
        Password=md5(Pass)
    verb/Check_Password(var/Pass as text)
        // Hash the attempt and compare it with the stored hash
        if(md5(Pass)==Password)
            world<<"Yep that's your password"
        else
            world<<"Maybe you should set your password?"
            world<<"Or did you forget your password already..."
/*In layman's terms all md5 does is scrambles up your text in an irreversible way so you don't risk the original being found out or at least that's why I use it. */