im using banks to save player data like xp, lvls n stuff
i also encrypt these values
however this only works when the saved values are not always the same since its not a "real" encryption but just multiplying, adding,... the values with some random numbers the user cant now
but what if i want to save achievements in the bank files where i literally just save 1 or 0 for each achievement? using that same method it would put the same numbers into the bank files and the user could easily find out which one stands for on and which for off.
i could just merge all numbers to a big one then save it as string, encrypt it and for reading it iterate over each char and decrypt again
not sure if that is the best method
so:
whats the easiest SAFE way 2 achieve this without actually coding a real encryption method?
Encryption adds no protection. It just obfuscates the data. Even when data is encrypted, by randomly mutating the data one will load different results.
You want to store a cryptographic hash of the data using a proven secure algorithm which is seeding in a unique non-standard way with reversible operations like bitwise rotation, addition and bitwise exclusive or. The protection comes from the random like nature of the output of cryptographic hashes combined with custom unknown logic, resulting in something that is hard to guess especially for someone without a computer science degree.
When the bank is loaded it re-computes the cryptographic hash of the stored data using the same algorithm and compares it with the stored hash. If there is a disparity the data has been tampered with and the load fails.
A strong cryptographic hash like SHA-256 combined with xoring with a map specific key, the SHA-256 of the user account identifier and some arbitrary but constant rotations will be more than secure enough to stop people modifying the banks directly. It will only be cracked by someone modifying/reading the triggers. It could technically be cracked without by an expert, but orders of magnitude more people will crack it by using the triggers directly so one can ignore those as a threat.
Do not try to invent a cryptographic hash algorithm. Chances are you will do it wrong since there is a reason millions of dollars are spent every year on developing them. The people who create them are extremely mathematically gifted and have years of experience with computer security. Best you can do is take a standard algorithm and modify it slightly using non destructive operators so that it produces non standard output which exponentially increases the complexity of solving the algorithm with respect to the number of transformations you apply. Hence the weakest point of security quickly falls to everyone being able to read the map script itself, so anything more extreme like encrypting the data as well becomes pointless.
As such encrypting the data on top of that is pointless unless you want to obfuscate what you store from the people themselves, which clearly is not the case for achievements when people know they have them.
im using banks to save player data like xp, lvls n stuff
i also encrypt these values
however this only works when the saved values are not always the same since its not a "real" encryption but just multiplying, adding,... the values with some random numbers the user cant now
but what if i want to save achievements in the bank files where i literally just save 1 or 0 for each achievement? using that same method it would put the same numbers into the bank files and the user could easily find out which one stands for on and which for off.
i could just merge all numbers to a big one then save it as string, encrypt it and for reading it iterate over each char and decrypt again
not sure if that is the best method
so:
whats the easiest SAFE way 2 achieve this without actually coding a real encryption method?
Encryption adds no protection. It just obfuscates the data. Even when data is encrypted, by randomly mutating the data one will load different results.
You want to store a cryptographic hash of the data using a proven secure algorithm which is seeding in a unique non-standard way with reversible operations like bitwise rotation, addition and bitwise exclusive or. The protection comes from the random like nature of the output of cryptographic hashes combined with custom unknown logic, resulting in something that is hard to guess especially for someone without a computer science degree.
When the bank is loaded it re-computes the cryptographic hash of the stored data using the same algorithm and compares it with the stored hash. If there is a disparity the data has been tampered with and the load fails.
A strong cryptographic hash like SHA-256 combined with xoring with a map specific key, the SHA-256 of the user account identifier and some arbitrary but constant rotations will be more than secure enough to stop people modifying the banks directly. It will only be cracked by someone modifying/reading the triggers. It could technically be cracked without by an expert, but orders of magnitude more people will crack it by using the triggers directly so one can ignore those as a threat.
Do not try to invent a cryptographic hash algorithm. Chances are you will do it wrong since there is a reason millions of dollars are spent every year on developing them. The people who create them are extremely mathematically gifted and have years of experience with computer security. Best you can do is take a standard algorithm and modify it slightly using non destructive operators so that it produces non standard output which exponentially increases the complexity of solving the algorithm with respect to the number of transformations you apply. Hence the weakest point of security quickly falls to everyone being able to read the map script itself, so anything more extreme like encrypting the data as well becomes pointless.
As such encrypting the data on top of that is pointless unless you want to obfuscate what you store from the people themselves, which clearly is not the case for achievements when people know they have them.