对于短得可笑的值(即:值

For a ridiculously short value ( Ie: values < 64 characters ), MD5 as a hash becomes ineffective due to rainbow table attacks, and as the value you're sending will be shared over the wire, all they have to do is brute force the shared secret ( and they have a known product to work with )

因此，那不是公钥私钥.它只是共享的秘密.

As such, thats not public key private key. its mererly shared secret.

另外，请记住，这个共享的秘密将在您发送给用户的 Flash 文件中，这些天这些文件被简单地分解，然后您的秘密"不再是秘密.

Also, keep in mind this shared secret will be in your flash file you send to the user, which these days and be trivially disassembled and then your "secret" is not a secret any more.

您需要一种具有适当加密签名的更具挑战性的响应机制，其中从服务器为每个游戏分配一个新的签名密钥，并且不能使用相同的签名密钥提交多个分数.(为了额外的保护；))

You want a more challenge-response mechanism with proper crypto signing, where a new sign key is assigned for every game from the server, and multiple scores cannot be submitted with the same sign key. ( For extra protection ;) )

1. 用户开始游戏.要求签名密钥.(签名密钥是从他们无法访问的另一个密钥生成的).
2. 分数用签名密钥签名，然后发送
3. 您使用发送给他们的密钥验证该标志的值.
4. 您丢弃了发送给他们的签名密钥.

然而，您仍然面临着无法防止实际评分系统被篡改的问题.足够聪明的人可以对您的 SWF 对象进行逆向工程并注入新代码，将分数设置为他们选择的值.

However, you still have the problem where you have no way to prevent the actual scoring system being tampered with. Somebody smart enough could just reverse engineer your SWF object and inject new code that just sets the score to their chosen value.