Security in pbem

[vira]

There is no security in games pbem. Your pass appear in files you send to your opponent and it´s too easy read it. Why is this possible????????????

[rkr1958]

There is no security in games pbem. Your pass appear in files you send to your opponent and it´s too easy read it. Why is this possible????????????

I'm not sure what you're getting at. You and your opponent have a password. If you're playing with fog of war on then your opponent will only be able to see of your units what the spotting range of his units allow him to see.

If your opponent is bent on cheating there are two ways he can do that. The first is to keep playing his turn, but not saving it, until he gets the result he wants. The second, which is more devious, is to change critical values to his favor in certain data files (e.g., cost of units, number of rail points, etc.).

For me it comes down to trust. You have to trust your PBEM opponent.

One thing that we're looking at in CEaW Grand Strategy is to embed all data file values into the game at initiation of the game. Once embedded then changing values in these data files won't affect saved games. While this thwarts the more devious method of cheating it's biggest benefit is that it prevents accidental and innocent mismatch of these data files and values between two players. This accidental and innocent mismatch can occur if one of both players change these values to play a second game with another player and forgets to change them back when playing the first game.

[PanzerGeneral]

There is no security in games pbem. Your pass appear in files you send to your opponent and it´s too easy read it. Why is this possible????????????

I'm not sure what you're getting at. You and your opponent have a password. If you're playing with fog of war on then your opponent will only be able to see of your units what the spotting range of his units allow him to see.

If your opponent is bent on cheating there are two ways he can do that. The first is to keep playing his turn, but not saving it, until he gets the result he wants. The second, which is more devious, is to change critical values to his favor in certain data files (e.g., cost of units, number of rail points, etc.).

For me it comes down to trust. You have to trust your PBEM opponent.

One thing that we're looking at in CEaW Grand Strategy is to embed all data file values into the game at initiation of the game. Once embedded then changing values in these data files won't affect saved games. While this thwarts the more devious method of cheating it's biggest benefit is that it prevents accidental and innocent mismatch of these data files and values between two players. This accidental and innocent mismatch can occur if one of both players change these values to play a second game with another player and forgets to change them back when playing the first game.

What vira means is that the passwords are visible as plain text in the save file
I noticed this when I was looking through the save file in order to check if I could spot the game start parameters (which I had forgotten).
Mutual trust is key word when playing PBEM games. Personally I am a naive person thinkng that my opponents would not do such a thing.

[gerones]

There is no security in games pbem. Your pass appear in files you send to your opponent and it´s too easy read it. Why is this possible????????????

I'm not sure what you're getting at. You and your opponent have a password. If you're playing with fog of war on then your opponent will only be able to see of your units what the spotting range of his units allow him to see.

If your opponent is bent on cheating there are two ways he can do that. The first is to keep playing his turn, but not saving it, until he gets the result he wants. The second, which is more devious, is to change critical values to his favor in certain data files (e.g., cost of units, number of rail points, etc.).

If this game would have last turn PBEM replay option then there wouldn´t be cheating suspicions because you could you see your opponent last turn and more or less you could see if your opponent is cheating or not.

[IainMcNeil]

I have no idea why it is plain text - this is a question for Johan!

[vira]

I have no idea why it is plain text - this is a question for Johan!

Plain text is text without format.
Open a text file with notepad and ther is it.
Open a saved game with notepad and there will be the passwords.

[IainMcNeil]

I think we all know what plain text is

I wonder if this is something the BJR mod can sort out as they are already making changes.

[firepowerjohan]

The saved games are in .data format , objects saved by Java so they are not totally plain text. There are other cheats with PBEM also, but I wont mention them because that would just spoil the fun for some. If you know how to read the passwords from the .data files pls let that information stay with you and do NOT post a it on this forum. I know it might be very tempting to show off your skills and intelligence by posting it but pls do not.

Also, I strongly recommend ppl that find PBEM too lacking in security to instead play TcpIP and we have several timer options also to speed up that play. I personally recommend using the 7 or 5 minute per turn because unless you are very expert and have very fast machine you will find faster turns than that will be a major problem in 1942 and onwards when the east front is starting to get busy

[vira]

It´s not a question about "skills" or "intelligence", simply a "bug". Why can´t be notice everyone?. Why only I few would know?. I think it´s better everybody knows, instead a fews.
Knowledge is no the problem; but silence, maybe! (My hummed opinion)

[rkr1958]

I think we all know what plain text is

I wonder if this is something the BJR mod can sort out as they are already making changes.

It looks like we've gotten a working prototype of a password obfuscation technique. Our development team is in discussion on whether or not it'll make it into our next beta release (b19), which will be Sunday. If it doesn't make into Sunday's release it should make it into the one after that (b20).

I would post a picture showing before and after the application of our prototype obfuscation technique but I don't want to spill the beans on how to get the password in the first place.

[IainMcNeil]

That's great news guys!

[vira]

I think we all know what plain text is

I wonder if this is something the BJR mod can sort out as they are already making changes.

It looks like we've gotten a working prototype of a password obfuscation technique. Our development team is in discussion on whether or not it'll make it into our next beta release (b19), which will be Sunday. If it doesn't make into Sunday's release it should make it into the one after that (b20).

I would post a picture showing before and after the application of our prototype obfuscation technique but I don't want to spill the beans on how to get the password in the first place.

Fantastic!!! great news that make grow a big game.

[rkr1958]

Also, along these same lines we have in alpha testing a new PBEM "security" feature that verifies that the general.txt file that your opponent used last turn contains the same data that the one you're using. The general.txt file in CEaW - Grand Strategy has been significantly expanded and contains a large number of variables that players can configure and tweak, if they're so inclined, to their heart's desire. This new security feature, which is only implement for PBEM play, will alert you if you're using different values from you opponent. It will then give you the opportunity to abort loading the game or continue on and use the values in your version of the file.

This feature will help players who like to tweak these values keep these files in sync when playing each other. On a more sinister side; however, this feature can be used to prevent someone from cheating by changing values in their version of the general.txt file and playing their turn with them. If they did this then their opponent would be alerted when they tried to load the game.

If you were to unexpectedly receive this alert when loading a game (i.e., no agreed on changes were made to the general.txt file), it would be straightforward to resolve whether or not this was innocent or sinister on your opponent's part, if there was any doubt. What you would do would be to abort loading of the game, notify your opponent of the check alert, request a copy of their general.txt file, rename your copy (e.g., 0.general.txt) and load the game with your opponent's version. If you still get the alert then this tells you that your opponent didn't send you the version that they played their last turn with. In that case, you'd need to keep iterating with your opponent until you do get the correct version that lets you load without alert or until they stop responding to you. If it does load without the alert, which tells you that was the version they used, then you would quit the game (NOT end your turn) and difference the two versions. Once you identified the differences then you and your opponent could decide either to restart your game or to continue with one given version.

We expect this feature to be in our next beta release (b21), which will be release on Sunday to the beta testers. This is the last planned feature for CEaW - Grand Strategy Version 1.00. Any other beta releases will be either for bug fixes or game tweaks. Again, our timeline is for release of this mod to Slitherine at the end of this month (November 2009).

[vira]

Also, along these same lines we have in alpha testing a new PBEM "security" feature that verifies that the general.txt file that your opponent used last turn contains the same data that the one you're using. The general.txt file in CEaW - Grand Strategy has been significantly expanded and contains a large number of variables that players can configure and tweak, if they're so inclined, to their heart's desire. This new security feature, which is only implement for PBEM play, will alert you if you're using different values from you opponent. It will then give you the opportunity to abort loading the game or continue on and use the values in your version of the file.

This feature will help players who like to tweak these values keep these files in sync when playing each other. On a more sinister side; however, this feature can be used to prevent someone from cheating by changing values in their version of the general.txt file and playing their turn with them. If they did this then their opponent would be alerted when they tried to load the game.

If you were to unexpectedly receive this alert when loading a game (i.e., no agreed on changes were made to the general.txt file), it would be straightforward to resolve whether or not this was innocent or sinister on your opponent's part, if there was any doubt. What you would do would be to abort loading of the game, notify your opponent of the check alert, request a copy of their general.txt file, rename your copy (e.g., 0.general.txt) and load the game with your opponent's version. If you still get the alert then this tells you that your opponent didn't send you the version that they played their last turn with. In that case, you'd need to keep iterating with your opponent until you do get the correct version that lets you load without alert or until they stop responding to you. If it does load without the alert, which tells you that was the version they used, then you would quit the game (NOT end your turn) and difference the two versions. Once you identified the differences then you and your opponent could decide either to restart your game or to continue with one given version.

We expect this feature to be in our next beta release (b21), which will be release on Sunday to the beta testers. This is the last planned feature for CEaW - Grand Strategy Version 1.00. Any other beta releases will be either for bug fixes or game tweaks. Again, our timeline is for release of this mod to Slitherine at the end of this month (November 2009).

We´ll wait for it

[rkr1958]

general.txt verification security feature in CEaW - GS will now be implemented for all saved games (i.e., PBEM, Hotseat, vs AI, TCP/IP).

[gerones]

I was wondering if it could do something similar for preventing cheating the same way this has been done to prevent a password to be read and to prevent your opponent play with other settings.

[rkr1958]

I was wondering if it could do something similar for preventing cheating the same way this has been done to prevent a password to be read and to prevent your opponent play with other settings.

I think what we have here will prevent a player from changing these values to more favorable values during their turn. However; this will only remove one way that a player can cheat just like the password obscuration did. If someone is bent on cheating then nothing will probably stop them. They can always load the game and keep playing their turn until they get the best result possible. Maybe I naive but I have to believe that the number of people who cheat in a game like this has to very low. It's just a game and what do they really gain if they cheat? The ability to say they beat so and so? I just don't see it ...

In reality this feature was put in place to help players who are playing a game in good faith to identify a situation when their general.txt file is out of sync with the game that they're playing. This can happen if one or both players are tweaking these values to try different things and forget to change them back when they load the game. Prior to this feature both players would continue on with the game and not know that they were playing with different game variable values.

For example, during play testing of our initial mod (which used house rules) we were regularly making tweaks to the general.txt file during the play of any given game. By accident, I compared files that I was using against those for our "official" release and I discovered I was using different sea transport and rail overuse costs than Borger and Jim were using in our two games. I had no idea and they had no idea that we were playing with different values. If we'd had this feature then one of us would had be notified on game load that one or more general.txt values were different and this would have allowed us to find the different and correct it right when they went out of sync and not later (if ever) by accident.

[Peter Stauffenberg]

Cheating to make a significant change to the game outcome is not easy. You can only save at the end of the entire turn and not in-between. Thiis means that if you reload just because you got a poor result in one of the numerous combats during the turn then you have to replay all combats again and can get a bad result in a combat where you got a good result before you replayed. So if you have a poor strategy, but want to compensate by cheating then you need a long string of good results and the probability for that is not high. You can replay your turn 100 times and if you're worse off than your opponent you will still get a mixture of good and bad results.

I think the cheating probably works best to get intelligence data you otherwise wouldn't. But there is a limit to what you can repair with underserved intelligence if your playing style is poor. E. g. if you discover the Allies have sent an invasion fleet against Turkey you can't do much to stop that. If you try sending the subs to different locations to spot the convoys then you can inflict more damage than you should, but later in the game you will only find escorted convoys so it won't work anymore.

The biggest downside of cheating is that your opponent will become wary e. g. because his attempts to surprise you always fail, you succeed with dubious attacks every time, you always have the right forces at the right place. If this happens regularly then your opponent will realize that you might be cheating.

A poor player can't beat a great player in GS by cheating. All he can do is to reduce the level of loss. E. g. you can't teleport units from poor locations. So if your strategy is poor you can't repair that by cheating.

I think the risk of cheating will increase if you gain something by cheating like getting a better rank in the ladder or something. But eventually your opponents will realize what you're doing and stop playing against you. Then you can sit there playing against the AI and cheat as much as you want. The AI will never complain.

So I'm not very afraid of cheaters. They can be spotted over time. Then you simply avoid playing against these players. The changes we make to GS will reduce the risk of cheating and more important reduce the risk of players using different game values (in general.txt) without knowing about it.