TuernRedvenom wrote:
That's why you take such an algorithm and change it a little bit. If a vulnerability comes to light (MD5 was widespread but is now considered insecure) a "default crack tool" won't cut it right away and gives the developer some time to make a better implementation.

Like they did with their Mersenne Twister since day one? Yeah, fat lot of good that does. Really, if your security measures rely on the obfuscation of the method then you're doing it wrong. That is the cardinal rule of security in general - if the only thing you have going for you is that people don't know the truth, then you're just biding your time until you get creamed. There's a reason the government holds open contests to create the new standard for encryption when one is needed, and subjects the algorithm to widespread public scrutiny before adopting it.

TuernRedvenom wrote:
I agree that writing the file seems redundant, but are you sure it's not just a backup? It could send it from memory but write the file for diagnostic purposes anyway.

I'm quite sure, yes. Do keep in mind that they DELETE the .db file after using it - there's no "backup" use in that case. The most likely case is that they use an open source SQLite library for all the relevant game data, and don't know how to work with the databases without writing them to disk first. It's not even that uncommon, but it IS corner cutting.