moth

tokens.md

 1Tokens
 2======
 3
 4We used to use tokens extensively for categories outside of MOTH
 5(like scavenger hunts, Dirtbags Tanks, and other standalone stuff).
 6
 7We still occasionally pull out tokens to deal with oddball categories
 8that we want to score alongside MOTH categories.
 9
10Here's how they work.
11
12Description
13------------
14
15Tokens are a 3-tuple:
16
17> (category, points, nonce)
18
19We build a mothball with nothing but `answers.txt`,
20and a special 1-point puzzle that uses JavaScript to parse and submit tokens.
21
22Generally, tokens use colon separators, so they look like this:
23
24    category:12:xunap-motex
25
26Uniqueness
27--------
28
29Because they work just like normal categories,
30you can't have two distinct tokens worth the same number of points.
31
32When we need two or more tokens worth the same amount,
33we make the point values very high,
34so the least significant digit doesn't have much impact on the overall value.
35For instance:
36
37    category:1000001:xylep-nanox
38    category:1000002:xenod-relix
39    category:1000003:xoter-darox
40
41
42Entropy
43-------
44
453 octets provides 24 bits of entropy.  This gives 16777216 possible
46tokens in each category.  The longest contest yet run lasted 24 hours,
47which would give 2^24/24/60 = 11650 tokens per category per minute.  I
48think this is a large enough pool to discourage brute-force attacks.
49Assuming /dev/urandom is as good as is claimed, brute-force would be the
50only way to attack it.