is this library only meant to be used for protecting network traffic?
Moderators - Reputation: 14867
Posted 23 September 2013 - 11:47 AM
It can be used on any data.
Note that encryption is just a limited armored transport service. It only helps protect against tampering between the time it is encrypted and the time it is decrypted. That is all.
It does not protect you against any other attacks. It won't help protect the data once it is decoded, such as monitoring the memory of your application, modifying values inside a running program, protecting the communications protocol itself, or preventing attackers from establishing their own secure connections. Since all data must be deciphered to be used, you must assume that an attacker who has access to the machine also has full access to all the data.
Moderators - Reputation: 14867
Posted 23 September 2013 - 01:10 PM
is this the best one to use?,thanks for the smart reply btw
Best is subjective. Only you know your requirements, Only you know if you have requirements about trusting (or distrusting) any specific library.
It is functional and has developed a community around it. Is it better or worse than any other product? That depends on you and your needs.
Crossbones+ - Reputation: 2931
Posted 24 September 2013 - 06:18 AM
Thats the problem , i am not sure what exactly this library is used for,all i know that you can encode/crypt strings, i am not sure if you can do it for varibles?
It can compute hashes, checksums, MACs, PRNs, ... and is by no way restricted to strings. Instead, it works on streams of bytes. And because any data can be seen as stream of bytes, the library can work on any data (not even plain but also structured data).
Members - Reputation: 987
Posted 24 September 2013 - 10:13 AM
What do you wish to encrypt? The library can encrypt anything you want, but it is not always worth to encrypt normal game data, unless you want to delay the discovery of your protocol (which will happen if your game get enough attention).
IMO encrypt the login information and private chats and you should be fine.
I would recommend that you take your time and have at least a good idea of how algorithms work and what you should save because some are not as intuitive as they may seem (specially public key encryption and hash + salt password saving).
Edited by KnolanCross, 24 September 2013 - 10:14 AM.
Crossbones+ - Reputation: 6492
Posted 25 September 2013 - 12:04 AM
I also recommend *not* using the library in a serious project if you don't know how to use it. Cryptography is difficult to get right, and even if you do know what you are doing you should still use existing frameworks and protocols to achieve whatever security property you are looking for (e.g. use SSL/TLS bindings, a validated SRP implementation, and so on) instead of rolling your own. The problem is that it's very easy to think you've got it right when in reality all you've got is a gaping hole that you can't even see. I know it's tempting to just go ahead and hack away at code until it looks like it's working, but most crypto tutorials you will find on the net are utter crap and with the wealth of easily accessible knowledge and vetted implementations there is really no excuse for doing this yourself, failing, and getting your ass kicked shortly after by the PR backlash.
And, yes, encryption does not care about the underlying structure or semantics of the data. It works on any kind of information, in any encoding.
Edited by Bacterius, 25 September 2013 - 12:08 AM.
"The best comment is a deleted comment."