Jump to content

  • Log In with Google      Sign In   
  • Create Account

Banner advertising on our site currently available from just $5!


1. Learn about the promo. 2. Sign up for GDNet+. 3. Set up your advert!


crypto++ question


Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

  • You cannot reply to this topic
7 replies to this topic

#1 Anddos   Members   -  Reputation: 557

Like
0Likes
Like

Posted 23 September 2013 - 09:56 AM

is this library only meant to be used for protecting network traffic?


:)

Sponsor:

#2 frob   Moderators   -  Reputation: 29887

Like
1Likes
Like

Posted 23 September 2013 - 11:47 AM

It can be used on any data.

 

Note that encryption is just a limited armored transport service. It only helps protect against tampering between the time it is encrypted and the time it is decrypted. That is all.

 

It does not protect you against any other attacks. It won't help protect the data once it is decoded, such as monitoring the memory of your application, modifying values inside a running program, protecting the communications protocol itself, or preventing attackers from establishing their own secure connections. Since all data must be deciphered to be used, you must assume that an attacker who has access to the machine also has full access to all the data.


Check out my book, Game Development with Unity, aimed at beginners who want to build fun games fast.

Also check out my personal website at bryanwagstaff.com, where I write about assorted stuff.


#3 Anddos   Members   -  Reputation: 557

Like
0Likes
Like

Posted 23 September 2013 - 12:34 PM

is this the best one to use?,thanks for the smart reply btw


:)

#4 frob   Moderators   -  Reputation: 29887

Like
0Likes
Like

Posted 23 September 2013 - 01:10 PM

is this the best one to use?,thanks for the smart reply btw

 

Best is subjective. Only you know your requirements, Only you know if you have requirements about trusting (or distrusting) any specific library. 

 

It is functional and has developed a community around it. Is it better or worse than any other product? That depends on you and your needs.


Check out my book, Game Development with Unity, aimed at beginners who want to build fun games fast.

Also check out my personal website at bryanwagstaff.com, where I write about assorted stuff.


#5 Anddos   Members   -  Reputation: 557

Like
0Likes
Like

Posted 24 September 2013 - 06:09 AM

Thats the problem , i am not sure what exactly this library is used for,all i know that you can encode/crypt strings, i am not sure if you can do it for varibles?


:)

#6 haegarr   Crossbones+   -  Reputation: 5722

Like
0Likes
Like

Posted 24 September 2013 - 06:18 AM


Thats the problem , i am not sure what exactly this library is used for,all i know that you can encode/crypt strings, i am not sure if you can do it for varibles?

It can compute hashes, checksums, MACs, PRNs, ... and is by no way restricted to strings. Instead, it works on streams of bytes. And because any data can be seen as stream of bytes, the library can work on any data (not even plain but also structured data).



#7 KnolanCross   Members   -  Reputation: 1585

Like
0Likes
Like

Posted 24 September 2013 - 10:13 AM

What do you wish to encrypt? The library can encrypt anything you want, but it is not always worth to encrypt normal game data, unless you want to delay the discovery of your protocol (which will happen if your game get enough attention).

 

IMO encrypt the login information and private chats and you should be fine.

 

I would recommend that you take your time and have at least a good idea of how algorithms work and what you should save because some are not as intuitive as they may seem (specially public key encryption and hash + salt password saving).


Edited by KnolanCross, 24 September 2013 - 10:14 AM.

Currently working on a scene editor for ORX (http://orx-project.org), using kivy (http://kivy.org).


#8 Bacterius   Crossbones+   -  Reputation: 11356

Like
0Likes
Like

Posted 25 September 2013 - 12:04 AM

I also recommend *not* using the library in a serious project if you don't know how to use it. Cryptography is difficult to get right, and even if you do know what you are doing you should still use existing frameworks and protocols to achieve whatever security property you are looking for (e.g. use SSL/TLS bindings, a validated SRP implementation, and so on) instead of rolling your own. The problem is that it's very easy to think you've got it right when in reality all you've got is a gaping hole that you can't even see. I know it's tempting to just go ahead and hack away at code until it looks like it's working, but most crypto tutorials you will find on the net are utter crap and with the wealth of easily accessible knowledge and vetted implementations there is really no excuse for doing this yourself, failing, and getting your ass kicked shortly after by the PR backlash.

 

And, yes, encryption does not care about the underlying structure or semantics of the data. It works on any kind of information, in any encoding.


Edited by Bacterius, 25 September 2013 - 12:08 AM.

“If I understand the standard right it is legal and safe to do this but the resulting value could be anything.”





Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.



PARTNERS