Jump to content

  • Log In with Google      Sign In   
  • Create Account


#Actualfrob

Posted 19 April 2013 - 04:52 PM

Unasked but often most important:   WHY?

 

Why are you doing this?

 

Encryption is a method to protect data in transit between good actors through a hostile environment.  

 

 

As a simple example, a secure web page only makes it difficult for an eavesdropper to listen to your web traffic and read the results in the clear.  This is only a good thing if both ends are good actors.  It provides absolutely no protection if the web browser or computer is being operated by the attacker.   The web page can be encrypted with the strongest protections in the world, it doesn't make it secure against somebody looking at the screen, or against somebody with spyware installed on the machine.

 

 

 

You don't describe a situation of two good actors.  You have a bad actor (the person performing the attack) who has access to the running the game code.  This is not a thing that encryption will protect.

 

It looks like you are encoding your resources.  Why?  Any attacker can simply stop your game in a debugger.  They can watch for you to decode the data.  And once it is decoded they have full access to the content.  The attacker can also copy the decyrption code and run it directly on the content themselves.

 

If you are talking about using this for protecting your network data stream, again, why?  An attacker can do exactly the same thing as above, establish an encrypted communication stream, and then read the clear communications as it is decoded on their side.  The real benefit for encryption online is to make it so good actors cannot have their communications monitored or modified (depending on the cyphers used) by bad actors.  The bad actors can look at the protocol, and they can see everything that is going on in their own sessions, and they can even send corrupted communications on their own secure connection.  A bad actor can still establish their own secure connections, and they can still engage in their own transactions; that is not what encryption does. The point of encryption is that even with full knowledge and with full network access a bad actor still cannot directly intercept and harm the communication of two good actors.

 

 

 

So what are you trying to protect, and why?


#2frob

Posted 19 April 2013 - 04:47 PM

Unasked but often most important:   WHY?

 

Why are you doing this?

 

Encryption is a method to protect data in transit between good actors through a hostile environment.  

 

 

As a simple example, a secure web page only makes it difficult for an eavesdropper to listen to your web traffic and read the results in the clear.  This is only a good thing if both ends are good actors.  It provides absolutely no protection if the web browser or computer is being operated by the attacker.   The web page can be encrypted with the strongest protections in the world, it doesn't make it secure against somebody looking at the screen, or against somebody with spyware installed on the machine.

 

 

 

You don't describe a situation of two good actors.  You have a bad actor (the person performing the attack) who has access to the running the game code.  This is not a thing that encryption will protect.

 

It looks like you are encoding your resources.  Why?  Any attacker can simply stop your game in a debugger.  They can watch for you to decode the data.  And once it is decoded they have full access to the content.  The attacker can also copy the decyrption code and run it directly on the content themselves.

 

If you are talking about using this for protecting your network data stream, again, why?  An attacker can do exactly the same thing as above, establish an encrypted communication stream, and then read the clear communications as it is decoded on their side.

 

 

 

So what are you trying to protect, and why?


#1frob

Posted 19 April 2013 - 04:44 PM

Unasked but often most important:   WHY?

 

Why are you doing this?

 

Encryption is a method to protect data in transit between good actors through a hostile environment.  

 

 

As a simple example, a secure web page only makes it difficult for an eavesdropper to listen to your web traffic and read the results in the clear.  This is only a good thing if both ends are good actors.  It provides absolutely no protection if the web browser or computer is being operated by the attacker.   The web page can be encrypted with the strongest protections in the world, it doesn't make it secure against somebody looking at the screen, or against somebody with spyware installed on the machine.

 

 

 

You don't describe a situation of data in transit, and you don't describe a situation with two good actors.  You have a potentially bad actor (the person performing the attack) who has access to the running the game code.

 

It looks like you are encoding your resources.  Why?  Any attacker can simply stop your game in a debugger.  They can watch for you to decode the data.  And once it is decoded they have full access to the content.  The attacker can also copy the decyrption code and run it directly on the content themselves.

 

If you are talking about using this for protecting your network data stream, again, why?  An attacker can do exactly the same thing as above, establish an encrypted communication stream, and then read the clear communications as it is decoded on their side.

 

 

 

So what are you trying to protect, and why?


PARTNERS