Chad wrote:And no you would not report the key to the user, because if key's were used with our inp form of encryption revealing the key would be like releasing the encrypted source and any use could use that key to make a slowded down inp and then they would encrypt the inp like an alphamame one with the known key, NO!
I wasn't using "key" in that manner.
I was thinking about games that had contests in the past spit out some verification 20-30 character code after the game is over that you send in to the publisher and from that they can verify if the score was authentic or not.
Instead of having some high level encryption for the inp file which would burn up more cpu as the encryption method used is more complex, just save the inp file as regular mames do but then just generate a separate file to use for verification. That small verification file since it isn't very large could use higher level encryptions without really sacrificing the game performance cuz it could even be something that is done when the game ends that you must press some key before quitting that game's emulation that triggers to stop the inp recording and then do that function call to generate that other file for verification.
You could even get really fancy where part of that puzzle is done online where a http call is done and the server does some "stuff" then sends back a code. This way some "unknown" would be occurring at the web site in some perl script or php etc. that wouldn't be known to anyone except mahlemiut.
Then he could have a PC exe that he distributes without any source where confirmers can check that submitted code for verification.
The downside to that is you must be online ...which given we are submitting our scores online should be a given for almost all so I wouldn't see a problem there.
This way given part of the code is at some remote web site it would allow this process to work for all platforms....instead of trying to include all of it in an exe as the source code of alphamame wouldn't have all the pieces of the puzzle.
That kind of system would be even more secure than any exe released even without source where some hacker could disassemble it and perhaps figure it out.
If you happened to not be online when alphamame was finishing a game and/or failed to contact the web site then it could give you a "keycode" file that you submit with your zipped inp to the web site when it is back online or you are online to a form at the site. Given the server is doing something to generate a verification code that is totally unknown to the player, there would be no way to crack the system without knowing what that code on the website is doing.
That seems like the most secure system possible.
[KIDDING!! It'd prolly be zero'd right away anyways 
