Why not make better password protection for RPG files?

From OHRRPGCE-Wiki
Jump to: navigation, search

The OHRRPGCE has gone through several different implementations of password protection, all of them bad. The current implementation is designed to be simple. It is basicly just a mark on your file that says "Hey, please don't open my file!". It will not stop anybody who is willing to put a little effort into breaking the protection and opening the game.

A password to prevent people from editing your game is just to inconvenience someone who wants to edit your game. It can not stop them. It is certainly possible to make a password system that is more inconvenient to bypass than the current system, but doing so could never make the file perfectly secure.

Encrypting the RPG file?[edit]

For example, suppose that we actually encrypted the entire RPG file using a strong encryption scheme like a 256 bit serpent cipher. The file would be very secure, but remember that GAME.EXE still needs to decrypt your game without a password for people to play it. That means we would have to hide a decryption key somewhere (maybe in GAME.EXE or maybe attached to your RPG file somehow) A system like that would be harder to crack than the current scheme, but as soon as just one person had figured it out, it would be trivially easy for them to make a program that cracked any RPG file.

Also, what about the fact that when GAME.EXE opens your RPG file, it unpacks all the lumps inside to a temporary folder? Someone could easily grab those files and never even have to break the encryption! Hmmm... well, what if we encrypt each lump separately, and only decrypt it in memory? It will slow down loading a lot, but then people can't steal those files.

...but it still has to be in memory. Anybody who knows how to use a debugger can view the memory of the programs they run. This is harder, it requires more hacking skill, but it is still very doable. Why don't we encrypt the data in-memory, and then decrypt it on-the-fly with some kind of dynamically changing key right before we need to use it? It will be really slow, but at least it will mean that someone trying to crack your game will have to work way harder to figure out how the in-memory encryption works.

Is your game even that cool? Do you think anybody is going to actually care about editing your game that much, that they would go through all that? Probably not. Does that mean you won? It means that your game is much more complicated now... and requires a much faster computer to run... but at least you blocked out the casual curious people, right?

Alice, Bob, and Eve[edit]

Some people dispute the idea that you can never make perfect protection. Some people don't believe that a sufficiently ambitious cracker can break any encryption. To understand the situation, you need to meet Alice, Bob, and Eve. (If you have ever studied encryption, communication, or information theory, you have probably met them already)

Alice and Bob are two people (or two computers), A and B, who are communicating with each other. Alice sends a message to Bob, and Bob sends a message back to Alice, and so-on. But their communication is personal (maybe they are writing love letters, I dunno) and they don't want anybody else to read it.

Enter evil eavesdropper Eve. She is trying to spy on Alice and Bob, and find out what they are talking about.

There are a lot of ways that Alice and Bob can encrypt their communications to make it harder for Eve to read it. Some, like Public-key cryptography are quite effective, and there is even One-time pad encryption which is unbreakable if you do it right!

"Unbreakable? I thought you said earlier that it was impossible to have perfect password protection for RPG files? Why not make a password-protection scheme based on one-time pad?"

Impossible. For a detailed explanation on why, you should read the Wikipedia article about one-time pads.

You see, suppose that you, the game maker, are Bob, and the player who downloads and plays your game is Alice. For her to play your password-protected game, she needs to have the "key" built into her copy of GAME.EXE so she can play your game.

But what about Eve? Eve is a player of your game too! She downloaded the same file from the same link, and is playing it on the same version of GAME.EXE! From a cryptography point of view, Alice and Eve are the same person. You can't lock out Eve without locking out Alice too, because you can't tell the difference between the two of them.

Anything Bob does to make it harder for Eve to play his game is going to affect Alice too, and anything Bob does to make it easier for Alice to play his game is going to affect Eve too.

Conclusion[edit]

Your ownership of your game is based on the honor system. It is up to you if you want to inconvenience your honorable players in a quest to thwart your dishonorable players, but as for myself, my decision is made. The OHRRPGCE will never support a password protection scheme more complex than the one it supports right now. (Of course, if you really want one, you are free to fork the source and try to implement it yourself)

See Also[edit]