Automatically generate a feed code

[haaksmash]

Hashing something user-related, maybe?

[o76923]

We had actually tossed this idea around for a while but got nervous that players particularly dedicated to cheating could come up with our hash if they had enough data then use it to generate feed codes. People using fraudulent feed codes to increase their meal counts as zombies or carrying around fake feed cards as humans have both been significant issues in the past.

However, if we can make a hash strong enough that this won't be a problem, then I wouldn't be opposed to it. I just don't know enough about hashing to know if we could have one that fits our feed code criteria (no more than 6 letters, letters used only come from approved list of 13 letters, we must be able to have 600+ codes per game, no codes repeated within 8 games) but is still complex enough that someone who collected tons of old feed cards couldn't crack.

[haaksmash]

Why no more than 6 characters, why must the choice be from just 13 characters?

Some off-the-cuff ways to alleviate the 'stealing our hash' concern: treat the codes like a password; salt their hash with something (a random string/number), specific to each game. Or, just use an actually random string. Salting the hash seems like the right way to go, to me.

[o76923]

6 was actually a compromise for security reasons, our goal was to try and get down to 4 characters. The reason we want it so short is that it needs to be easy to enter for players that don't use the QR codes.

The reason we have limited it to this subset of letters is because we want it to be really clear to players what letters are being used in the code. In normal circumstances this isn't a problem because you just hand over feed cards, but if a player loses or forgets their card then a zombie can copy their code off the bandanna. During this copying step things need to be clear. We're actually changing two of the letters from last time because we had problems with this step last time (I didn't think about rotational symmetry).

Salting the hash would only work if it was difficult enough that it couldn't be cracked between the start of registration week and the end of game week.

We have to design this game to both ends of the spectrum. We have to assume that our good players are paste eaters and that our malevolent players have a run away military budget to spend on it.

[jthemphill]

I'm assuming this isn't happening, at least not for this game.