I don’t need it to be too secure. Even md5, which is generally broken, is safer than what I need (as long as a collision cannot be found within 2 minutes, it should be 100% fine).
I need it for a videogame we’ll be making in a hackathon this weekend. We have a server which will simulate the core parts of the game and we need to synchronize the several players (we’re using socket.io and nodejs as comet server) and make sure no player is cheating by modifying values. Thus the checksum (if they send a valid checksum, which will compare to the one generated in the server, the user has the right stuff).
So, as long as the checksum is not too easily reverse engineered, it should be fine.
Also, since I don’t have much experience with online games (I have used sockets for some time in C, Java, Python and even PHP, though), it would be awesome if someone could recommend some readings on general patterns followed. All I found was a paper explaining why Age of Empires 2’s online kinda sucked 🙂
Thanks a lot
More elaboration:
Every client has variables (objects with properties, etc.). Events happen at the client and thus states change. Depending on the states, the variables change. So, the client sends the states and a hash of the variables to the server. The server takes the new states from the client (which could be, for example, “right arrow is pressed”), checks if they are valid and then generates new values on the variables. It then checks if the hash corresponds to the one sent by the client. If it doesn’t, it sends a synchronization message to the client, giving him new values to its variables. It then saves it all and sends updates to the other clients on the shared variables (since not all variables can be seen by other clients).
The hashing is mostly for synchronization. I don’t know if it’s the best method, but it’s what came to mind. However, I don’t want a prick messing with the values if they are just a simple checksum (CRC32 for example) and not something more difficult to fake. That way I feel like synchronization will be easier.
Again, I don’t have experience with networking on videogames, but from other stuff I’ve done, this sounded logical. I appreciate all feedback.
Don’t trust the client. Use the server as a central authority, not for core parts but for all parts. Replicate as much of the game state as you can server side, and feed the clients that data. Don’t do any processing/as little as possible client side. No matter what values the clients modify, the server will reject them.
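
The approach in the answer above, sketched for Node.js as an added example that is not part of the original thread: the server accepts only input events, simulates the state itself, and uses the client's hash just to detect desynchronization. The input names, state fields, world bounds and message shape are assumptions made for illustration; in a socket.io handler the returned reply would be emitted back to the client.

```javascript
const crypto = require('node:crypto');

// Assumed input vocabulary and world bounds (constructed for this example).
const VALID_INPUTS = new Set(['left', 'right', 'none']);
const WORLD_WIDTH = 100;

// Canonical serialization with a fixed field order, so both sides hash the same bytes.
function hashState(state) {
  const canonical = JSON.stringify([state.x, state.score]);
  return crypto.createHash('sha256').update(canonical).digest('hex');
}

// Simulation step run on the server; resulting values never come from the client.
function step(state, input) {
  const dx = input === 'right' ? 1 : input === 'left' ? -1 : 0;
  const x = Math.min(WORLD_WIDTH, Math.max(0, state.x + dx));
  return { x, score: state.score };
}

// Handle one client message { input, hash } and return the new state plus a reply.
function handleClientTick(serverState, msg) {
  if (!msg || !VALID_INPUTS.has(msg.input)) {
    return { state: serverState, reply: { type: 'reject', reason: 'invalid input' } };
  }
  const next = step(serverState, msg.input);
  // The hash is a desync detector, not a secret: a mismatch only triggers a resync,
  // and a forged "valid" hash gains nothing because `next` is computed here.
  if (msg.hash !== hashState(next)) {
    return { state: next, reply: { type: 'sync', state: next } };
  }
  return { state: next, reply: { type: 'ok' } };
}

// Constructed sample: a client that claims a score of 9999 is simply resynced.
const start = { x: 5, score: 0 };
const tampered = { input: 'right', hash: hashState({ x: 6, score: 9999 }) };
console.log(handleClientTick(start, tampered).reply);
```

Because the server never reads state values from the message, the strength of the hash function only affects how reliably desyncs are noticed, not whether a modified client can change the game.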