[SUGGESTION] RSA encrypted authentifications for 0.6 (Page 1 of 2)

So, to summarize, your solution is to make TeeWorlds not open-source. I have a simpler idea : just don't release the source.
But as already said so many times, TeeWorlds must stay open-source.

Even if this doesn't prevent all cheating this prevent at least from bots, which is the most problematic cheat. It also prevents from zooming out and auto-join.

Read it well. It will just mark the client as non-pure... you still can compile the sources and get a full-working client, there will just be broadcast that this is not the official client.

Of course, if servers want to allow bots, they can (as I said there should be a command, mostly for lan client testing).

I don't think that making a private key would destroy the nature open-source of teeworlds. I don't know the exact definition, so perhaps it's true you couldn't call it open-source, but I just give a way to mark pure clients... nothing more.

It will still be possible for a client to send the correct public key, just extract it from the "signed" binary and send that. All these ideas won't really stop anything, just make it a bit harder.

The trusted client (the binary) contains the private key, which can be extracted by means of debugging and reverse-engineering.

I'm sure you can't

i totally aggree with torch´s first post  to much effort for a minor problem. First of all where do we have most cheaters? in Instagib ( Original a trainings mod for the new weapon screw you chi1 !!! for being a lazy ass ) and not vanilla. For me i have never seen a bot owning that hard in vanilla

The devs don´t care about mods except those mods which provide an advantage in vanilla ( some mod clients well there are other topics for this issue).

In the end the only solution for this issue is:
- Play on thrusted servers
- Play Vanilla or else don´t complain about bots

This is only about thrust between players, if your opponents can´t play fair then just don´t play with them. Last thing needed for this is an account system to verify that it is really you who is playing with that nick.

An answer from a vanilla-man. There have been many discuss about that, and I think we shouldn't keep it closed, that is linked to all topics about making instagib official, and if or not devs should care about that and provide some stuff to avoid cheats on instagib.
I have my opinion and many argues, but I will try to do not deviate the way of this topic.

Thanks, that is really info. I haven't thought at all about that... yeah unfortunately it will just make it harder.

Really, if my post is so large, this is because I wanted you to understand well what RSA encryption does. Implementing it is easy, and very fast at execution. That is NOT a huge effort.

I think it could be effective, but devs do not seem to care a lot about instagib, and chose to do not spend many time to that. I understand that, and it's why I try to afford some ideas, but I really think this fight isn't hopeless. And it does not concern only instagib, to see how magnet and matricks defined cheat clients.

Thank you a lot, I will work on this when I will manage to compile (Windows 7, be damned !). I studied this encryption last year, and I can do all the mathematic parts. About the informatic one, I will perhaps need some help to see how bad I am in networks, but I think I will get it.
However I think hacking that will be long, hard and will require skills few people have, so I really don't think anybody will try to do this for a tournament. Nevertheless, I will encourage everybody to do this if he can.

Thanks.

To conclude, I agree with you that this won't stop for a long time cheating, and that it ai'nt a nice idea to include that in 0.60. I'm thankfull to everybody for this useful feedback.

Edit : Please do not close this topic, I will release some sources/binaries

Don't release binaries, it would mean losing the edge.

Program it, and the day there is a tournament, provide the server to the admin and let only registered players download the client. Change the key every day or every few games (that means restarting the server too).

After a few days the key might be reverse engineered so it would be too late to be trusted (or I would have done this for tournaments before), the only thing left is to buy time using steganography and making it harder to find the new encryption key. That's what MMO developers spend their life doing instead of implementing new features.

As we have said many times before, this is an endless fight with no hope of real victory. As long as people control software on their PCs (and that's something we all hope for anyway). You might as well try to remove cheaters from the Internet .

But the positive side of that particular method is that it actually works for some time, but it is solely based on the trust you can put in the key.

As ghost said, it won't provide ad-hoc cheats such as aimbots that run in DLLs (for that you need to run a tool on TW's client code for each trusted client release that changes the hooks/memory addresses the DLLs are looking for).

You mean to change the private key ? This would imply that I must provide new clients every day. You really think it is needed ? By the way I think we can add a command to change the server public key, which is composed of two unsigned numbers, so that we don't have to restart the servers.

You really think the key on the client can be reverse-engineered in 1 hour or so ?

the man issue that its easy possible to cheat here is that this game is an open source game !!!!!

it could drastically lower cheating, because most botters and votekickers don't make their cheats--they download it online in the form on a client. right?