Whats up with cash cubes.. still ingame? Saw someone talk about being bugged and getting one 2 nights ago.

Would be nice to have them. As a way to transfer cash between toons and what not.

Even have the option to store cash in the gogo... Would be sweet.

*adds to brainport*

Cash cubes don't exist anymore, havent for a looooooooooong time.

Cash cubes don't exist anymore, havent for a looooooooooong time.

Indeed long gone.

One of the reasons I put logan in his own clan was to avail of the bank!
The 20m credit limit on a single char kinda made that essential ;)

As for passing cash? I either dual log or use a trusted in game friend.

If you have neither of those then your a bit stuck tbh.

As for passing cash? I either dual log or use a trusted in game friend.

If you have neither of those then your a bit stuck tbh.

Well ill be making a 2nd account soon.

As for trusted friends, yup i usually ask em to help out.. but its kinda weird u cant move money around without another runner.

Cashcubes have been removed due to technical issues. Further evaluations have shown that it was not possible to make them invulnerable to exploiting attempts.

wtf happened to the Gira Bank, paying for all the advertisement space and not even existing, hahah. How long could it possibly take to implement a personal banking system, it's already there for clans.

...and it's kind of BS that LE'd runners can't be in clans.

Cashcubes have been removed due to technical issues. Further evaluations have shown that it was not possible to make them invulnerable to exploiting attempts.

Dam Exploiterz!!

Shame another method could not be employed, or could it?

Dam Exploiterz!!

Shame another method could not be employed, or could it?

stealth clans.

make a bank account that would act as if it was a clans money account, only the clan wasnt created.

or just copy the clan creation part and then make it not show up on the clan listings. then you could still have the bank thing from the clan with "members"/"card holders" attached.

Cashcubes have been removed due to technical issues. Further evaluations have shown that it was not possible to make them invulnerable to exploiting attempts.

Probably already been thought of, but what about not allowing cashcubes to be stackable by making every cashcube unique to the point of "Playername's <amount of cash> credits" -- so that way using cash cubes would be no different from the creator clicking you and transferring that amount of credits? Or assigning a unique id to each cube as well.

This way it could be easy to track duplicates, if that was the concern.

Then again, I have no idea what the neocron code looks like, so maybe that's hard to do, or it has some other unforeseen consequences.

.. just an idea.

a maximum of 250k per cube would be good.

If theres really a dupe exploitppl dont make cash they copy they 5slot CS,GoldPA whatever

250k limit per cube is ok

Probably already been thought of, but what about not allowing cashcubes to be stackable by making every cashcube unique to the point of "Playername's <amount of cash> credits" -- so that way using cash cubes would be no different from the creator clicking you and transferring that amount of credits? Or assigning a unique id to each cube as well.

This way it could be easy to track duplicates, if that was the concern.

Then again, I have no idea what the neocron code looks like, so maybe that's hard to do, or it has some other unforeseen consequences.

.. just an idea.

arent dog tags uniquely coded?

I think the dog tags show the name, faction and combat / skill rank of the player at the time of death. If it does then it's unique.

If it updates based on the players last known faction and combat / skill rank from when the player was last online, then it's not unique, but dependant.


But as said i cant remember if its one of the other way.

I think they are uniquely made, so it would be that code they could re-use for your proposed solution.

I think the dog tags show the name, faction and combat / skill rank of the player at the time of death. If it does then it's unique.

No, it just means that this data or a reference is stored with them.

It does not mean that there might not be another thing with the very same data, and thus it might not possible to check by sololey comparing if such a dogtag is from a valid source.

I seen someone a month or so ago that had a Cashcube. Was even showing it to people in trade.

There are Cashcubes and Cashcubes ...

What i mean: There is a questitem called "Cashcube" but it isn't a real cashcube with it's functionality.

There are Cashcubes and Cashcubes ...

What i mean: There is a questitem called "Cashcube" but it isn't a real cashcube with it's functionality.

All the ancient cashcubes from when they worked were made into broken cashcubes aswell werent they?

So even those from back in the day would be called "broken cashcube", right ? or have they been completely eliminated from the game?

---------


As for the uniqueness of dog tags and so..

Even though it is just a reference point, they have to have the data saved somewhere for it to refer to... since the rank thing changes constantly.

So can't they just make a reference point for the cashcubes, then when someone opens the cashcube and removes money from it, then it updates the reference point with how much money is now in that reference point.

That way any "clones" or "dupes" would all have the same reference point right?

And that way they wouldn't be able to abuse it, because for each time they dupe it, the item would just have the money of the reference point, so if either one of the ones holding the cashcube or a dupe of it, empties the cube, all the others would be emptied at the same time, because they are using the same reference point..


Or is there something that I've completely misunderstood? (I am basing these on a shitload of assumptions, so I might easily have misunderstood a thing or ten).

That way any "clones" or "dupes" would all have the same reference point right?


Yes, but that is also be possible for legal sources.
If you have two "Dogtags of Victim, Anarchy Breed 47/53" then this does not imply that this item was duped. You could have just killed him twice.

Same goes for "Cashcube created by RichGuy, 1748253cr" without adding a semantical independend unique identifier to the data, it's not possible to ensure uniqueness and trace illegal copies.

Well and the last info we got on unique item IDs was that they were dropped.

Yes, but that is also be possible for legal sources.
If you have two "Dogtags of Victim, Anarchy Breed 47/53" then this does not imply that this item was duped. You could have just killed him twice.

Same goes for "Cashcube created by RichGuy, 1748253cr" without adding a semantical independend unique identifier to the data, it's not possible to ensure uniqueness and trace illegal copies.

Well and the last info we got on unique item IDs was that they were dropped.

What about if you time and date stamp it using the ingame time-date ?

Then the reference point would be the same for duped, but become a new one if you went to the "bank" and requested a cube.

Cashcubes have been removed due to technical issues. Further evaluations have shown that it was not possible to make them invulnerable to exploiting attempts.

would there possibly be a way of say sending money through in game email. a kind of wire transfer via a city com for example? then its not official items that can be haxed but rather a decrease of one chars total money and increase elsewhere.

Yeh thats a simple little feature that should be in-game in my opinion. I've heard many noobs asking on help if there is a way they can transfer money to their alts without having to use a middle-man.

Cashcubes have been removed due to technical issues. Further evaluations have shown that it was not possible to make them invulnerable to exploiting attempts.

Then remove the money cap, problem solved, if that causes problems with the ingame economy then fix it, if something gets too expence then increase the drop rate. See this is what I don't like about KK, they can't see outside of anything, its always this is not possible, are you guys robots or something 0.o?

The money cap was a nice idea but it don't work due people using clan banks and its not practical in the first place to have a money cap, that leaves everything to just sit there. Without the money cap you can see exactly whats happening with the items in game just by looking at how much something is selling for and how much it sold for a few months ago. If you can't even remove the cap, then wtf is the point, we go no where I guess if thats the case.

God damn dumb ideas from everyone when the answer is removal of the money cap, its just sorted without even thinking my god...

i think things are very cheap atm compared to just a year ago

Hehe This gets me thinking, it really does, the market in neocron imo has much room for improvement, it needs to be more dynamic, very carebearish stuff I'm sure.

But one of the carebear things that has me hooked in EvE is the markets, how they change constantly, through players actions and also changes with patches. I really love that sort of thing happing in a game I play, adds alot of extra activity through just people trading items. I thought about how it could work for Neocron, I came up with certain sectors offering better contruction and research bonuses with the risk of being killed in a non safezone. But then theres the problem of whats stopping people using them bonuses and then selling in a safezone such as the tech haven. So I came up with a solution to that problem... Licences, you would have to have licences to sell stuff to other players in certain places, they could be graded, you pay alot to sell stuf in a safespot such as the TH. You pay a heck of alot less to sell at the location it is built, which makes sense, basically they could make it expensive to contruct in the tech haven or plaza 1. But make it much cheaper to constuct in a certain location with better prices on part and lube, so in the end it would always be better by about 30% to sell in the cheaper location but with risk!

/edit you could also buy licences that let you sell anywhere but for a heavy cost but players could also exploit that if they are clever, for instance someone wanting an item like now of in the middle of the wastes.

Then remove the money cap, problem solved, if that causes problems with the ingame economy then fix it, if something gets too expence then increase the drop rate. See this is what I don't like about KK, they can't see outside of anything, its always this is not possible, are you guys robots or something 0.o?

The money cap was a nice idea but it don't work due people using clan banks and its not practical in the first place to have a money cap, that leaves everything to just sit there. Without the money cap you can see exactly whats happening with the items in game just by looking at how much something is selling for and how much it sold for a few months ago. If you can't even remove the cap, then wtf is the point, we go no where I guess if thats the case.

God damn dumb ideas from everyone when the answer is removal of the money cap, its just sorted without even thinking my god...

Actually the money cap will never be removed.

[ edited ]

What about if you time and date stamp it using the ingame time-date ?

Then the reference point would be the same for duped, but become a new one if you went to the "bank" and requested a cube.

What you would do is store a hidden attribute on the object, with a randomly assigned number as the value. So you CAN have two objects labelled "Cash cube from Naimex, 250000 cr" but they have different IDs that you have no control over.

Once this number is assigned to the object, you simply wait to see if it gets redeemed more than once. Sure, that might mean creating a database table with a list of used IDs, but that's not too bad. Modern heavy databases, probably something that Neocron already uses, can handle tons upon tons of records, so having a table of used cashcube IDs and their owners/redeemers isn't too bad.

Worried about the server assigning the same random number twice? Well, you can also add a field for the amount of cash -- but also:

Since the number is big, like, say, 256 bits (that means, it can be from 0 to 2^256 - 1), and random, you never have to worry about the server assigning the same number twice. Something like taking the SHA of (time || random/urandom || credits) should be more than enough.

Why should you never have to worry? Because then Reakktor just broke* SHA256 and probably is eligible for a reward, at the least, from some branch of the German government (e.g. BND/BSI :p) -- and then everyone has to worry about a lot more things :p

Edit: *Clarification -- found a collision for.

Actually the money cap will never be removed.



FFS...

If people dupe than BAN them like everyother game? Why can't neocron also be like everyother game with regaurds to duping.... They should fix the damn exploits not punish other players thx.




Thinking further...


Currently whats the point in owning every outpost on the map?

I think its stupid that a clan owns a factory but never really uses it other than just for the contruction buff... I think a clan owning it should be making cash from selling items constructed from the factory, does that make sense? I also think they should get a better buff than there is currently and be able to charge people to use the facilitys and they decide how much people pay for them. A fortress can let people pay to lvl faster and do more damage to mobs, a lab can help greatly in researching rare parts or other stuff, a factory can give a great contruction buff and with licences means you can sell on site and for less TAX.

Something like that...

/edit voodoo there is exploits happening in every game, its easly spotted... People who cheat are fucking stupid anyway and just stand there to been seen. Someone with billions for instance with no mob hunting no player trading other than between his alt = BAN once investigated.

/edit also if this was so annoying to do then it just shows you how numb these people are, they don't have a brain its so easy to spot them, they even cheat at life.

/edit again.. The second anyone with a brain catches them and bans there ass they act like they are a victim, seen it happen all the time especially this game, they are sad little losers.

Sorry Ghargoil, numbers are not your strength ;)

- random number collision is much more likely (if you randomly chose 1/5th of the pool of available numbers, the collision chance is approx 50% - see the birthday paradoxon for further literature on that.
- 256bit random value from a standard RNG has nothing to do with SHA. Well actually SHA is a very special deterministic RNG optimized for long seeds. (So the induction would be the other way around)
- Why chose a RNG to get a unique number, when you could just count up? And thus don't need to check for duplicates.

------

Let us sum up the information we got:
- itemids (unique item numbers) will not be implemented
- cashcubes are gone for good

------

The cashlimit was also introduced against problems that occured due to a very special way NC1 handled the personal cash data, leading to cashloss for users and some "supernatural" effects.

Since this was changed (remember the massive abuse of the 10+ million credit bug at the end of nc1) i am willing to join the question for a higher (1 or 2 billions?) limit.

Cashcube? No thanks. We had some bad scenarios already, no need to try and catch the worst.

Yes the databases can handle insane amounts... (im working with 220 000+ row tables every day, and that's not even "a lot" in comparisance to others.)

The problem is often in the codes, big databases takes some time to go through when you are looking for something specific, which would just cause the game to find the items slower, and we dont want that.


--------

As for people coming up with dumb ideas...

Well, we are bound by the topic title to relate our answers to that, even though the ideas may be stupid, one of the things that this thread asked was how cashcubes could work.

And with brainstorms, you just think a thought and explain why you think so, and then as you go along you get a lot of weird, silly, good, decent, serious, funny, new, old, well you get the idea, ideas and solutions.

The solutions may not actually solve anything, they might not lead to anything, but they have been thought of and presented.

And in order to find the ideal solution, you must:

- See a problem.
- Find the reason for the problem.
- Find ways to solve or circumvent the problem.
- Find the best way if any to solve the problem.
And finally
- Solve the problem.

If you don't think of all the various ways to solve a problem, how will you know the one that was chosen was the best way?



People think in various ways, thats why we get various solutions, and various aspects of a problem, and why we are able to solve any problems at all.


Just think if the first caveman back then just burned his hand and thought screw this crap and went back and smashed his cavewoman in the head with a big chunk of wood....

I'm happy he burned his hand, told the others that big glowy thingy that keeps you warm and makes your food taste different, hurts, and they then all sat down and tried to find various ways to make it not hurt when being used...

I'm certain more than one of them gave their lives in the pursuit of the way to cook a sabertooth without getting burned.

Sorry Ghargoil, numbers are not your strength ;)

- random number collision is much more likely (if you randomly chose 1/5th of the pool of available numbers, the collision chance is approx 50% - see the birthday paradoxon for further literature on that.
- 256bit random value from a standard RNG has nothing to do with SHA. Well actually SHA is a very special deterministic RNG optimized for long seeds. (So the induction would be the other way around)
- Why chose a RNG to get a unique number, when you could just count up? And thus don't need to check for duplicates.

------

Let us sum up the information we got:
- itemids (unique item numbers) will not be implemented
- cashcubes are gone for good

------

The cashlimit was also introduced against problems that occured due to a very special way NC1 handled the personal cash data, leading to cashloss for users and some "supernatural" effects.

Since this was changed (remember the massive abuse of the 10+ million credit bug at the end of nc1) i am willing to join the question for a higher (1 or 2 billions?) limit.

Cashcube? No thanks. We had some bad scenarios already, no need to try and catch the worst.

Well I'd agree that 100 million from 20 million would be much better but if the expliots are really a big problem maybe 1 billion would be asking for trouble. But I'm sick of limitations like that, it seems so dumb to me they can't fix that after 6 years, I'm really not here to bash KK if people think that. I just want them to do things right befor I'm ready to throw more cash thier way. Some people have stayed and played regaurdless but i bet they never played another game with as much seriousness as Neocron, well I have and this is not good enough for the cash they ask for.

Also if they KK always go about saying something is not possible then how can anything be possible, they are basically screwing them selves everyday. Its the same with player shops, they rant how its not possible or not easy, this is total bullshit, I'm no coder but if I was I'd be better than any coder working on this game, I'd see everything as possible and so it would be.

Thats the difference.

Well there will always limits in amounts, some think about them others don't.

I remember another mmorpg where they didn't implement a hard cap for cash that left you with a huge negative amount of money if you earned too much.
Billions should do it and be safe, with the ia32-words.

/edit also if this was so annoying to do then it just shows you how numb these people are, they don't have a brain its so easy to spot them, they even cheat at life.

/edit again.. The second anyone with a brain catches them and bans there ass they act like they are a victim, seen it happen all the time especially this game, they are sad little losers.


Banning them isnt the problem, they use trial accounts

or buy copies for £2 including delivery of neocron. Run the exploits and make millions... the money cap is one of many ways to protect against mass money duping

Well there will always limits in amounts, some think about them others don't.

I remember another mmorpg where they didn't implement a hard cap for cash that left you with a huge negative amount of money if you earned too much.
Billions should do it and be safe, with the ia32-words.

Well I never saw another game with a cash limit, and things become expensive due to inflation but the devs use this to the better of the game. They can better control stuff this way and see where thier own game is going and act accordingly and alter loot tables and make better cash sinks. No real limits for the hardcore market guru but cash holes in place for the average player etc.

Banning them isnt the problem, they use trial accounts

or buy copies for £2 including delivery of neocron. Run the exploits and make millions... the money cap is one of many ways to protect against mass money duping

You're narrow minded.

Do other games get as many problems with this?

/edit just because of the problems you stated, it should not hold people back in this game, it should be dealt with, with swift action, trial accounts could have a cap of 1 million sorted... no?

Hell other games have done it, trial means limitations from the full game, that could mean no player trading no lvling up past lvl 10 etc

Well I never saw another game with a cash limit, and things become expensive due to inflation but the devs use this to the better of the game. They can better control stuff this way and see where thier own game is going and act accordingly and alter loot tables and make better cash sinks. No real limits for the hardcore market guru but cash holes in place for the average player etc.

There is i.e. one for WoW's gold (214748g)
There is for AC (2.44mio cash, and 15.25 billion in tradepapers)

There is a cash limit in every game.

Sorry Ghargoil, numbers are not your strength ;)

- random number collision is much more likely (if you randomly chose 1/5th of the pool of available numbers, the collision chance is approx 50% - see the birthday paradoxon for further literature on that.
- 256bit random value from a standard RNG has nothing to do with SHA. Well actually SHA is a very special deterministic RNG optimized for long seeds. (So the induction would be the other way around)
- Why chose a RNG to get a unique number, when you could just count up? And thus don't need to check for duplicates.


Apparently English and numbers aren't your strength. To make it fair, I'll gladly admit my German is crap, but then again, I'm not writing on the German boards.

My musing was that you take a long seed and feed it to SHA. With a good source of random data, you don't have a problem. Why include the user and amount of credits in the hash? To help further reduce the already impossible chance of a collision.

Also, what's 1/5th of 2^256? Go figure that one out. You're never gonna reach it.

Hence, your points 1 and 2 are irrelevant -- so maybe you should hit 'preview' before you hit 'submit'.

The only relevant point you bring up is that all that is unnecessary when you can simply count up -- so that is indeed a better solution.



Let us sum up the information we got:
- itemids (unique item numbers) will not be implemented
- cashcubes are gone for good


I have no agenda in asking for the re-addition of Cash cubes in Neocron, I am simply pointing out that the abuses can be detected.

So instead of trying to beat on me for, god forbid, bringing up a topic about what apparently was one of the most abused former features in the game, why don't you just accept the fact that I'm just posting some proposed solutions to the problem like anyone else -- even yourself, with your counting up solution -- and that we're all in the same boat with regards to improving Neocron.

There is i.e. one for WoW's gold (214748g)
There is for AC (2.44mio cash, and 15.25 billion in tradepapers)

There is a cash limit in every game.

Well not the games I play, also WOW and AC are crap lol.

The games I have played.

I played some lineage
Neocron
EVE
AO
WIIonline


Tryed a few others but lets just say they was not worth the download i.e WoW.

My musing was that you take a long seed and feed it to SHA. With a good source of random data, you don't have a problem. Why include the user and amount of credits in the hash? To help further reduce the already impossible chance of a collision.


SHA will not increase the entropy of the random value, actually you are decreasing it with SHA, which is the nature of all hashes. SHA is therefor not suitable for this kind of operation.



Also, what's 1/5th of 2^256? Go figure that one out. You're never gonna reach it.

It still proves that your assumption i read from your previous post - that the collision in a random souce of 256bits is equal/comparable to breaking SHA - is wrong. It's not even as strong as finding only one collision in SHA (which is not a break of SHA in itself, unless you find a pattern for the collisions)



Hence, your points 1 and 2 are irrelevant -- so maybe you should hit 'preview' before you hit 'submit'.

See the above explanation why this isn't the case. They would have been irrelevant, if noone tried SHA as a solution or compare.



So instead of trying to beat on me for,


That was never my intention.
Just trying to spot and correct problems where they occure.

The games I have played.


Lineage II: Limit: 2.1 billion
Neocron: Limit: 20 million
EVE: Limit: unknown, > 790billion, but connected to RL-cash thus probably never reached limit
AO: Limit: 1billion
WwIIonline: Well didn't know it has some kind of cash. Does it?

My argument isnt that its the right thing to do.

Or that it cant be done better

My Argument is that money cap is there, and for a reason...

A reason and purpose it fills, very well...

Lineage II: Limit: 2.1 billion
Neocron: Limit: 20 million
EVE: Limit: unknown, > 790billion, but connected to RL-cash thus probably never reached limit
AO: Limit: 1billion
WwIIonline: Well didn't know it has some kind of cash. Does it?

Did not know linage had a limit tbh, anyway no one would ever reach it, eve does not have a limit, if there is its somewhere beyond trillions which is not disclosed and will never be reached. AO never knew that had a limit... WIIonline well don't why i put that, I did play it though for a few years :)

I don't really see the argument for removing the cash cap...? The people earning that kind of money have it stored accross multiple clans anyway. All removing the caps will do push up the prices of player made items further, thus taking them out of reach of the casual gamer who hasn't had time to farm a fortune.

I suppose KK could then try and increase cash rewards for PvE etc to counter the inflation, but they would also have to increase vendor prices to match. Players would be earning more and more money and would be driving the prices of rares etc up further until you'd end up with a situation of massive hyperinflation; where the simplest of things could cost into the millions.

Well not the games I play, also WOW and AC are crap lol.

The games I have played.

I played some lineage
Neocron
EVE
AO
WIIonline


Tryed a few others but lets just say they was not worth the download i.e WoW.

I'm not sure what your opinion of games has to do with whether they have a cash cap or not ...

I'm not sure what your opinion of games has to do with whether they have a cash cap or not ...

rofl. take no prisoners cake :) well put.

SHA will not increase the entropy of the random value, actually you are decreasing it with SHA, which is the nature of all hashes. SHA is therefor not suitable for this kind of operation.

SHA is perfectly suitable for this operation -- even if by some freak coincidence the /dev/random spits out the same random number as some time before, the combining of a random number along with a timestamp and hashing it further sends this likelihood into well, zero. Now a collision would have to take place at the exact same second as the original, which leads to the whole point regarding trying ~2^254 numbers within that second.



It still proves that your assumption i read from your previous post - that the collision in a random souce of 256bits is equal/comparable to breaking SHA - is wrong. It's not even as strong as finding only one collision in SHA (which is not a break of SHA in itself, unless you find a pattern for the collisions)


See the above explanation why this isn't the case. They would have been irrelevant, if noone tried SHA as a solution or compare.

I never made that assumption. I said that hashing a random number, plus other information (e.g. user, cash, timestamp) and then finding a collision in the hash would be tantamount to finding a collision in SHA, rather than in the random number. Hence breaking (largely) SHA.

I said that hashing a random number, plus other information (e.g. user, cash, timestamp) and then finding a collision in the hash would be tantamount to finding a collision in SHA, rather than in the random number. Hence breaking (largely) SHA.

No. This is simply not true: SHA is surjective but not injective. (|V| > |{SHA(v)|v in V}|, where v is the set of all values accepted by SHA)
And this is why SHA is NOT suitable. SHA is reducing entropy.

That means:
If you take some Data A,B and concat Random C,D, then AC is less likely to collide with BD then it is for SHA(AC) with SHA(BD)

SHA in itself is a good method to sign information, but it does not work to hide information if it's structure (the data and the used PRNG) is known. Hence this is why hashes often get salted with a secret to prevent knowing the pattern of the sourcevalue. Yet we all know: there is no security through obscurity.

Well since it is in the situation with items the same instance, the same RNG, the sam data semantic that gets feeded into SHA, it's pretty likely to have a collision here. On top of this now gets the (really tiny) chance that there is not only this equal source leading to a collision but also, that SHA produces the same result for two different values of that pattern.

Well such things i.e. leaded to the break of the NintendoDS gamecard encryption. They feeded their initital cryptokey with a PRNG that only had ~2^11 possible values. The blowfish encryption and RSA signing on top of it was not broken ... yet with that info on the source data it is possible to find the needed key by checking for a collision on each possible value. Some cards do this even on the fly on a 66MHz ARM.

No. This is simply not true: SHA is surjective but not injective. (|V| > |{SHA(v)|v in V}|, where v is the set of all values accepted by SHA)
And this is why SHA is NOT suitable. SHA is reducing entropy.

That means:
If you take some Data A,B and concat Random C,D, then AC is less likely to collide with BD then it is for SHA(AC) with SHA(BD)

I am familiar with the notation, and I understand that SHA is a one way function that takes any input and turns it into bitstring of length 256.

The whole purpose behind SHA is that you don't have to store all 1024 bits of A || C, and you can simply store the SHA of it. Hence checksums instead of posting a dump of whatever file you're downloading into the actual HTML of the page with some instruction: "Please use a hex editor to verify that the file you are downloading is exactly the file below:"

Additionally, it IS true that finding a collision between SHA(A || C) and SHA(B || D) is exactly what is considered as breaking SHA.


SHA in itself is a good method to sign information, but it does not work to hide information if it's structure (the data and the used PRNG) is known. Hence this is why hashes often get salted with a secret to prevent knowing the pattern of the sourcevalue. Yet we all know: there is no security through obscurity.

SHA does NOT sign information at all, and you would be mistaken to believe that. Salting a hash is purely to protect against a dictionary attack, and not a method of security through obscurity unless you're doing something totally wrong with it.

A dictionary attack on hashes is when you have a hashed password, for example, and you have a database of plaintexts and their corresponding hashes. Then you do a quick search, and you are presented with the original plaintext. Salting prevents this since you would now need to REHASH all the values in that gigantic dictionary using that salt. Hence why salting is used.

Salting has absolutely nothing to do with signing, and anyone using a salt to sign anything would either be very quickly presented the problem of either a) allowing other people to verify the "signature", or b) the problem of anyone being able to forge another "signature" -- since no one can verify a "signature" without the salt, and if anyone has the salt, they can forge another "signature" with it.


Well since it is in the situation with items the same instance, the same RNG, the sam data semantic that gets feeded into SHA, it's pretty likely to have a collision here. On top of this now gets the (really tiny) chance that there is not only this equal source leading to a collision but also, that SHA produces the same result for two different values of that pattern.

That's the point of taking the SHA of ( pseudo random number || timestamp || user || credits ) instead of just using a pseudo random number which you suggest offers the same protection -- though realistically you could most likely just stop at timestamp, unless your random number generator was something akin to rand() in C++ and seeded by the current time.


Well such things i.e. leaded to the break of the NintendoDS gamecard encryption. They feeded their initital cryptokey with a PRNG that only had ~2^11 possible values. The blowfish encryption and RSA signing on top of it was not broken ... yet with that info on the source data it is possible to find the needed key by checking for a collision on each possible value. Some cards do this even on the fly on a 66MHz ARM.

2^11 possible values? You do realize how pitifully small that is, right? And how the easiest solution is simply to brute force those 2000 possible initial values?

-- again, completely irrelevant of a point since my suggestion was based on 256 bit hash of (at least) 256 bits of pseudo-random data coupled with other information to reduce the chances of input collision to nil.

... thus, should the outputs collide, Reakktor has made a discovery that everyone would be very interested in.

Well SHA is a hash, Hashes are the base of all signings. A Hash is not the whole magic of signing between two parties. (This is were i think you got me wrong) Since it does not conatin a method to hide information.

SHA+information hiding in the way of a secret salt is often used to prevent Manipulation in databases (where sender and receipent of the data is the very same system, and shall ensures that the storage was not manipulated). The hash of the salted data is called the signature of the data.

Yes, 2^11 it is a awfull low count of possible values. However one of them produces a collision. But that does not mean that the encryption and verification method was broken.

It just shows that the output of an encryption, and the ouput of an hash strongly dependend on the input, not on the method itself. If you can "guess" (brute or however) the original data, then that specific system is broken, and not the Hash.

You tell that the chance of finding a collision here in the SHA(Data||RNG) is equal to finding a collision in any SHA, and this is false.

We can do a simplified test: I take a PRNG, which has the weakness of creating only integers from 10..99. The data is "number".
Now, is it equal to find a set of "number##" that collides with the SHA-256: 941C4BE43EE855595DAE1269AD03D406570E09E43332B6022A1AF6D2CEAEF05D with breaking SHA? How many test's do i have to make to find a collision in the worst case?

Oh, i guess you found the collision on the first try. Did you break SHA in the meanwhile?

Somebody mentioned dual logging. Can you run two instances of this game with 2 accounts or do you have to run two computers as well?

Dual logging works.

You might want to change the local port (In the Launcher->Configure) for each new instance.

I dual log all the time, simply copy the enire Neocron directory.
Lauch the first instance of Neocron , log in.
Alt-tab and run the second instance, hit configuration and change the local port. Then log in.

Also it is a bit easier if you run them both in window mode.

One point to note, Neocron can get a bit temperamental when it comes to Alt-Tabbing

How about Dual logging at the same time on multiple monitors? I have two monitors hooked up to the same computer, can I set it up so I dual log into both and just alt-tab between them?

also Alt-tabbing so far in Windows vista has resulting in the game just crashing, any way to fix that?

It's actually easier to have two copies of NC lying around, which saves you the configuration mess each time you have to start NC anew (which isn't that rare of a case to happen, unfortunately). And yes, you need at least 2 accounts for this to work, unless you play on a different server with each NC instance (which kinda defeats the original purpose).

Cashcubes are gone for good; it were fun times having a dozen cashcubes of each 1.5+ bil in the inventory and wasting them to train INT up to cap by buying and selling Rhinos :lol: I wouldn't want to have these times back, though, because it was a real mess. If KK can't find a way to get things working correctly, then we better leave the cashcubes buried deep in NC history.

Transfer of items/money between characters on the same account would be a nice feature. I somehow have a feeling it's something KK doesn't really like to touch, because it's affecting certain "hot zones" they tried to avoid on other occasions already. I wouldn't keep my hopes high on something like this.

The money cap is an easy way to keep ingame "economies" halfway balanced, and depending on the cap also limits the possibilities for exploiters to a certain extent. Also, as explained already, it prevents certain other bugs to pop up.
Players usually only do a simple player-to-player trade, everything more complicated, i.e. multiple chars to cover the excess money thanks to the money cap, increases the amount of trust someone has to put into such a transaction by a great deal. Thus, this money cap, the availability and the demand of an item determines the final price; without a money cap the prices would go skyrocket, especially for items which cannot be mass produced / easily obtained. The reason is the money influx; regardless what MMORPG you play, at some point you gain more money than you can spend, and the more players reach this point, the more the so called ingame "economy" starts to falter: Inflation. That's how it is, and a money cap is a simple, yet effective way to keep things halfway sane. Besides, what is the point in carrying around 100 mil or even 1 bil creds? That's totally useless in NC :)

How about Dual logging at the same time on multiple monitors? I have two monitors hooked up to the same computer, can I set it up so I dual log into both and just alt-tab between them?

also Alt-tabbing so far in Windows vista has resulting in the game just crashing, any way to fix that?

I run Vista, Alt tab without crashing as long as i am not in the wastes.

I run in DX7 mode and compatibilty with WINSP2.

yeaaa cashcubes were nice! good to transfer money and stuff..

I run Vista, Alt tab without crashing as long as i am not in the wastes.

I run in DX7 mode and compatibilty with WINSP2.

would the wastes be equivalent to the MCS starter area? Thats where I'm alt-tabbing in.

Whenever I alt-tab, the game shows a black screen when I alt-tab back. I'm using DX-10/DX-9C

would the wastes be equivalent to the MCS starter area? Thats where I'm alt-tabbing in.

Whenever I alt-tab, the game shows a black screen when I alt-tab back. I'm using DX-10/DX-9C
The wastes (outside of the city areas) indeed include MC5 aswell, i ALWAYS crash on alt tabbing in those areas

would the wastes be equivalent to the MCS starter area? Thats where I'm alt-tabbing in.

Whenever I alt-tab, the game shows a black screen when I alt-tab back. I'm using DX-10/DX-9C

switch to dx7 when u want to alt tab in wastes. but i should work fine in cities and dungeons.

And cash cubes are a great way to create RPG runner quests, where you have to find stuff and get cash as a reward.

Use books and exchange them for giving out the win (not only money but also items can be distributed with it, without the risk of having a valueable item going to data nirvana)

Well SHA is a hash, Hashes are the base of all signings. A Hash is not the whole magic of signing between two parties. (This is were i think you got me wrong) Since it does not conatin a method to hide information.

No, Hashes are NOT the base or basis of all digital signature schemes. Hashes are simply used often in conjunction with them since it's alot shorter than attaching the entire signature.


SHA+information hiding in the way of a secret salt is often used to prevent Manipulation in databases (where sender and receipent of the data is the very same system, and shall ensures that the storage was not manipulated). The hash of the salted data is called the signature of the data.

Um, I suppose it could be. But that would only work assuming your salt was hardcoded or accessible only through some other means, as someone who could do SQL Injection could simply find your salt value in your settings table or however else you store your salt and then "sign" whatever they want.

Again, SHA and other hashes have nothing to do with information hiding, they are simply considered fingerprints of data.


Yes, 2^11 it is a awfull low count of possible values. However one of them produces a collision. But that does not mean that the encryption and verification method was broken.

It just shows that the output of an encryption, and the ouput of an hash strongly dependend on the input, not on the method itself. If you can "guess" (brute or however) the original data, then that specific system is broken, and not the Hash.

Okay, and...


You tell that the chance of finding a collision here in the SHA(Data||RNG) is equal to finding a collision in any SHA, and this is false.

I did NOT claim that. I stated that if you had two DIFFERENT inputs of the form: (R1 || time1 || user1 || credits1) = A, and (R2 || time2 || user2 || credits2) = B -- and you hashed A and B -- if the hashes were equal, then you broke SHA.

A and B also, additionally, have a nil chance of being equal based on previously established facts.


We can do a simplified test: I take a PRNG, which has the weakness of creating only integers from 10..99. The data is "number".
Now, is it equal to find a set of "number##" that collides with the SHA-256: 941C4BE43EE855595DAE1269AD03D406570E09E43332B6022A1AF6D2CEAEF05D with breaking SHA? How many test's do i have to make to find a collision in the worst case?

Oh, i guess you found the collision on the first try. Did you break SHA in the meanwhile?

Finding the same initial input and finding a collision are not the same things.

You take one input A, which is -- for the sake of simplicity -- part pseudo-random bitstring of length 256, and part timestamp down to the second -- and you take another input B of the same form.

The probability that A will equal B is zero with any decent PRNG. Thus, given A, finding B == A is impossible even with the timestamps removed (~2^254 tries), and with the timestamp is zero.

Thus, should hash(A) == hash(B), you've found a collision in your hash function and it's broken from a cryptanalysis point of view.

Sorry to be so blunt, but if you still fail to understand that, I cannot help you -- but I kindly request that you not try to lecture me in a field you obviously aren't exceedingly familiar with. Programming and math are two different things -- so just because you might be good in the former does not imply you're good with the latter. So if you wanna lecture me or correct me on methodology for good programming, go right ahead, but try not to assume you're the resident expert in anything that might be remotely related.

Take a course in introductory cryptography, and if you have already done so, go review your book.

No, Hashes are NOT the base or basis of all digital signature schemes. Hashes are simply used often in conjunction with them since it's alot shorter than attaching the entire signature.


A signature does not equal a complete encryption. Or shortly: What would be the use of providing full cypher and plaintext, when you have the full information in the cypher?
Noone should provide both and those who do this should read up on attacks to learn why to avoid such.
But then, if you leave away the not needed plain, you wouldn't have anything signed.



Again, SHA and other hashes have nothing to do with information hiding, they are simply considered fingerprints of data.

That is exactly what i said. And tbh. fingerprinting IS signing. (applying a unique pattern (sign) to a data)



I did NOT claim that. I stated that if you had two DIFFERENT inputs of the form: (R1 || time1 || user1 || credits1) = A, and (R2 || time2 || user2 || credits2) = B -- and you hashed A and B -- if the hashes were equal, then you broke SHA.

A and B also, additionally, have a nil chance of being equal based on previously established facts.

Finding the same initial input and finding a collision are not the same things.

Eyactly. But since the first still produces an effect we NEED to avoid, all that it comes down to is exactly the collision in the source creating a collision in the hash (there is nothing that would differentiate a collision from the regular hash of the exact same input) - and i like to remember to my first post on that topic - that this behaviour makes SHA unsuitable for this kind of operation.

You can not ignore one part of the reaons why an effect occures and tell the ppl: if you have a collision in the system, then KK has just broken SHA. NO it just means that either the input was the same or a collision is found for that specific SHA result.


[Some personal "advises"]

Don't just read some of the things.
You seem to be stepped over the basic: A system is as secure as the weakest part.
And pls re-read the article/book or rehear the course you found about signatures. I am sure every single signature system you'll find bases on/incorperates a hash. Might it be DSS, ECDSS, FDH, ElGamal, PointCheval, Schnorr, RSA-PSS.

PS: My qualifications are not open for discussion. If you need information about the source of my qualification to speak about this topic, go ask. But please without any knowledge about, don't just shot blind. Thanks

Use books and exchange them for giving out the win (not only money but also items can be distributed with it, without the risk of having a valueable item going to data nirvana)

Do the recordable books and recordable datadiscs still exist as a recycling formula?


I haven't tried it in a couple years, so I'm kinda in the blank if it's still there.

Yes,
[Caution Spoiler]

Book:
2x Ancient Launcher Connectors
1x Processor
2x Large Hydraulic Parts
1x Hardware Scraps
1x Energy Generator
1x Tronic Parts

All items available - tested

Disc:
1x Defunct CopBot Ethic Chip
1x Ancient Launcher Connectors
4x Processor
1x Energy Generator
1x Hardware-Based O.S.

Don't know if the Chip drops.

[Spoiler Ende]

hm it was fun to collect all the parts with my hc pe long time ago.

i made "ablass briefe" out of it. the letters which were sold by christian preachers to the poor christian community to forgive their sins back in time.

actually that was a good income... many people didnt like crahn f****** sinners ;)

...All parts are available and drop. Rocket launching mutants and malfunctioning Stormbots are the mobs to find here.

[...]

Don't just read some of the things.
You seem to be stepped over the basic: A system is as secure as the weakest part.
And pls re-read the article/book or rehear the course you found about signatures. I am sure every single signature system you'll find bases on/incorperates a hash. Might it be DSS, ECDSS, FDH, ElGamal, PointCheval, Schnorr, RSA-PSS.

PS: My qualifications are not open for discussion. If you need information about the source of my qualification to speak about this topic, go ask. But please without any knowledge about, don't just shot blind. Thanks

lol. I have no intention of debating your qualifications -- your constant fumbling in this subject matter is what calls them into question.

I suppose you think that the harmonic series converges too?

It's obvious you're not from cryptology, as you continue to make ridiculous claims regarding it. And no, just because you can write applications well, or can quote some well known statement regarding security, or list a bunch of crypto algorithms does not qualify you as a cryptologist. Cryptology isn't a bunch of acronyms or hundreds of lines of C code, it's math. Fingerprinting is not signing, and your assertion that SHA reduces entropy is false given an input with entropy of the same length as the SHA hash -- nor is any of that relevant to the fact that SHA is perfectly suited for the above proposed task.

...

Sorry ghargoil that gets stupid now.
The entropy loss of SHA does not depend on the specific input length, but on the property of sha to map a larger set to a smaller while maintaining pseudo randomness.

If a function is deterministic, and not reducing entropy on a set, then the function is bijective on the set and its projected values. In which case the function is reversible. Which is a knock-out criteria for hashes, as it'd mean in your claim about short keys you'd be able to find a short key to a given hash value. This now would be a broken hash.


So how about trying to proof your claims next time, instead of AGAIN trying to talk about my qualification you simply don't have a clue about.

back2topic please
please use the PM function for private conversation.

so, isn't there a way to store money or make unique item instances without the chance of exploit?

If so, that sucks.

I got an idea....

How about each time you make a cashcube, it takes 2 minutes or so until the cashcube is created?

To give enough time to the server to recognize the cash transfer and make adjustments accordingly to database...

It just weird that you can't put functions in the game, because since the code is fragile, they will be exploited. :/

Do the recordable books and recordable datadiscs still exist as a recycling formula?


I haven't tried it in a couple years, so I'm kinda in the blank if it's still there.
I'm confused, what are those?

I'm confused, what are those?

Items that can be inscribed once by a player using them.
The inscription then can be read by any player which gets ahold of it.

Write-Once Notepads :p

The only way to build them is to recycle with the recipes in the spoiler section.

Awesome!
Can they be used more than once?

Can they be used more than once?

Write-Once Notepads :p

I think they can only be used once...

Oh woops, I wasn't paying much attention; I'm watching Torchwood right now, awesome show.

Recordable Datadiscs are 1 time only.

Recordable Books are supposed to be able to be used over and over again, but I never got around to test it, becaues last time I tried to make a book, no monsters dropped tronik parts, then they changed the cyclopses to drop them a lot, but by that time i had forgotten about it.

So no guarantees about multi-use books.

Well i got a bunch of these on in my main's cap, and a half-way to beeing good recycler .... gotta try.
I thought, the two items where only different in the length of the text storeable.

:edit: bleh, kept the wrong things ... anyone wonna have doy eyes? *g* ... takes a bit longer to test it

Well i got a bunch of these on in my main's cap, and a half-way to beeing good recycler .... gotta try.
I thought, the two items where only different in the length of the text storeable.

:edit: bleh, kept the wrong things ... anyone wonna have doy eyes? *g* ... takes a bit longer to test it

Well I base my memory on old information when I asked where the tronik parts dropped. So my info on the books and discs are from the time after beta where tronik parts were there, and before they were put back in the game.

So they could have been changed a million times.

But as I recall it, I was told that books were multi-use.

I would be very happy if you would test it.

So, tested the book, and it is write once.
I now own "Normal Book: First write to a book" and it can not be used, only viewed now.
http://mightymax.org/book.png

So, tested the book, and it is write once.
I now own "Normal Book: First write to a book" and it can not be used, only viewed now.
http://mightymax.org/book.png


Did you call it "First write to a book" ? or did it write that.

because if it wrote that, then it must be possible to do it more times, may just be broken.


but if you called it that for testing purposes then I guess it's just the way it is :(

Had hoped you could use it more times.


EDIT:

Why does it say "normal book" ?? is there an "abnormal book" ? "rare book" ? or something aswell?

It probably has a normal percentage, like weapons.
As in, it's normal, not perfect or artifact.

Did you call it "First write to a book" ? or did it write that.
[...]
Why does it say "normal book" ?? is there an "abnormal book" ? "rare book" ? or something aswell?

The "First write to a book" was the text i wrote on it. I wasn't creative there :p

It's all artifact (120%). The "Normal book:" seems to be the base name of written books.

It should be Artifact Normal Book then <_<

Nope, the "artefact", "good" etc attribute is only added to weapons, imps, armor and such.

Parts, Drugs, Datacubes ... do no have it.

There are plenty of things other than those you listed that have the stats name.

Yes. hence the "and such". The book however is one of the itemtypes that have a condition, yet are not prefixed with attribute.