Wouldn't you want to not give the client any information about the correct answer? I would think you would want to have a `POST` command that gives you the encoding guesses if you truly want to keep it out of the browser.
I'm thinking more about just casually writing it down e.g. in an email or FB post - the word for this day was "MROEN" - where the reader could decode MROEN easily, but just knowing MROEN wouldn't leak information. And this is more an abstract question than something with a practical use case.
If the client/reader can easily decode it then a motivated cheater/attacker can easily decode it.
Something like homomorphic encryption or a trusted enclave on the client could work here but unless there's money involved that's probably gross overkill.
I'd go with the server-side solution and API personally but if I had to pick a mechanism for client-side I'd probably do something like AES encryption with a generated key. The actual secret would look like garbage and the key wouldn't show up anywhere on the wire so the attacker would have to actually reverse engineer the key generator.
All that said most of the "attacks" I've seen on the wordle problem just optimize the guessing strategy which is way easier than trying to figure out de-obfuscation of the secret.
Pick an accesible online dictionary. Then use a pattern like the following:
- Lookup the definition of the word for the day. Take the first word in the definition.
- Lookup the definition of that word. Take the first word in its definition.
- Repeat, maybe?
- Use the first word in the definition as the key.
Easy to verify but hard to reverse.
erehweb|4 years ago
devonbleak|4 years ago
Something like homomorphic encryption or a trusted enclave on the client could work here but unless there's money involved that's probably gross overkill.
I'd go with the server-side solution and API personally but if I had to pick a mechanism for client-side I'd probably do something like AES encryption with a generated key. The actual secret would look like garbage and the key wouldn't show up anywhere on the wire so the attacker would have to actually reverse engineer the key generator.
All that said most of the "attacks" I've seen on the wordle problem just optimize the guessing strategy which is way easier than trying to figure out de-obfuscation of the secret.
a-williams|4 years ago