Is this token system good enough?

I have created a token system to secure my events but I wonder if this helps/is enough.

My Script

local MaxTimeBetweenSendingAndRecieving = 3
local function EnCodeToken()

	local SendTime= os.time()

	local Rnd = Random.new(SendTime)

	local Key = SendTime

	for i = 1, Rnd:NextInteger(1, 20) do

		Key *= Rnd:NextInteger(1, 5)
	end

	return {SendTime, Key}
end

local function DeCodeToken(Key)

	local RecieveTime = os.time()
	local SendTime = Key[1]

	local Rnd = Random.new(SendTime)

	local DeCodeKey = Key[2]

	for i = 1, Rnd:NextInteger(1, 20) do

		DeCodeKey /= Rnd:NextInteger(1, 5)
	end

	return SendTime == DeCodeKey and RecieveTime <= SendTime + MaxTimeBetweenSendingAndRecieving
end

It’s pointless. Remote keys of any kind don’t work because exploiters can just call your module functions that generate the key, or spy on them as they are sent through network traffic.

This will assuming I understand it require the server to initiate the conversation and block any data that it didn’t request. As noted already though, this won’t actually stop you from receiving any bad data. An attacking party just needs to intercept your question and send it bad data back within the time frame pretending to be the script you intended. This will allow you to trust it a bit more, but ultimately the attacker can just send any data they want anyways.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.