#ActualCarradine

Posted 29 April 2013 - 02:16 PM

I found this great post on Stack Overflow which seems to describe what I should be doing based off of your suggestions as well:

http://stackoverflow.com/questions/5415752/how-to-save-string-username-password-in-encrypted-form-in-database-and-decryp

 

It explains that you should salt and hash the password using the SHA-256 algorithm from OpenSSL.

 

But a few questions still linger.

 

How should I still send the password (and other info like login/email) to the server by itself so I can still salt/hash it? Should just sending it through WSASetSocketSecurity() still be safe enough, since I will be salting/hashing it on the server and not storing the password in any way on the server? (Should I be masking the data somehow to deter packet sniffers, etc.?)

 

Does WSASetSocketSecurity() have any performance issues?  Should I just leave it on for the player the whole game?  Or just use it when sending sensitive information packets?

 

I hope I am thinking about this the right way. In all my years of programming, I just seem to have a bit of trouble wrapping my head around this.


#1Carradine

Posted 29 April 2013 - 02:11 PM

I found this great post on Stack Overflow which seems to describe what I should be doing based off of your suggestions as well:

http://stackoverflow.com/questions/5415752/how-to-save-string-username-password-in-encrypted-form-in-database-and-decryp

 

It explains that you should salt and hash the password using the SHA-256 algorithm from OpenSSL.

 

But a few questions still linger.

 

How should I still send the password (and other info like login/email) to the server by itself so I can still salt/hash it? Should just sending it through WSASetSocketSecurity() still be safe enough, since I will be salting/hashing it on the server and not storing the password in any way on the server?

 

Does WSASetSocketSecurity() have any performance issues?  Should I just leave it on for the player the whole game?  Or just use it when sending sensitive information packets?

 

I hope I am thinking about this the right way. In all my years of programming, I just seem to have a bit of trouble wrapping my head around this.

