> what are the arguments against using a simple key exchange with the > game-server to authenticate a client, an md5sum for multi-player > gaming if you like? both client and server could be free-software, yet > the client could not be modified without breaking sign-in with that > particular game-server. > > i know this has probably been discussed many times over. if so, it > would seem i'm not clear on where this theory falls down. > > cheers, > > julian >
The problem with an md5sum on a completely free program is that someone could simply modify their client to send the correct md5sum. Even if the server changes how its summed each time, you can simply keep a clean copy of the binary elsewhere on your disk and sum that instead of the actual running executable. The server has no way of trusting that the client didn't lie. Some games have tried having a secret string or algorithm in the "official" binary that does not exist in the free source code to achieve what you are proposing. A client based on the free code would only be able to connect to servers that allow it. That may work reasonably well if you ignore how difficult it would be to hide your string/algorithm from anyone who examines the executable. The problem is that your game is now non-free. You would need special permission from any contributors to let you distribute a binary without the source code that was used to generate it. Brandon _______________________________________________ Soya-user mailing list Soya-user@gna.org https://mail.gna.org/listinfo/soya-user