Hello
I started developing a simple multiplayer game, but I know absolutely nothing about security. I'm also developing a simple launcher that can update the game. Here are my questions:
1. The user should be able to log in to the game. Currently the user enters a login/password, which is sent to a game server, and the server resends it to an ASP.Net WebApi which handles the authentication. I send everything in plain text; what should I do to improve security?
2. I want players to only be allowed to play the newest version, so the launcher requests the current version from a web service and compares it with the assembly version.
3. If the version is different, the launcher downloads the newest version and replaces the currently installed one. How can I ensure that players can only connect to servers using my .exe?
What are the flaws in my design and what should I do to get rid of them? Any references where I could get more information about this subject?
I'm using C#, lidgren for networking and asp.net mvc + web api for web services.
Personally, for login I tend to generate and sign a self-signed SSL certificate. The client then connects to the server over TCP with SSL to authenticate and establish a session, upon its first visit storing the certificate fingerprint and other pertinent data to the database.
The client then encrypts that certificate using a username and password pair hashed using HMAC or similar.
On future login attempts, the client prompts the user for their username and password. The username and password are passed through HMAC to decrypt the SSL certificate, and the username is sent via the SSL channel, which is authenticated with the SSL certificate.
The server then verifies that the username given is using the correct SSL certificate on the channel, and if it is, then access is granted.
Doing it this way ensures you never send the password, you never store a decrypted certificate on the user's disk, and you never even send a hash of that password.
Your downsides are of course that if the user reinstalls the game, they need to contact support to get their new certificate associated with their account. It is best to shield the user from all this internal rammel, and just give them a generic error "could not sign in. Please contact support with this reference: <certificate's hash here>".
Please let me know if you have any questions about this, as I have found in real-world applications this is a great way to secure any application, not just a game, although from a programmer's perspective it can be kind of hard to implement.
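The storage and server-side check described in the answer above, as an added C# example that is not code from the original posts: the client keeps its self-signed certificate as a password-protected PFX, and the server compares the presented certificate's SHA-256 fingerprint with the one pinned at first visit. Assumptions: PBKDF2-HMAC-SHA256 stands in for the answer's "HMAC or similar", the TLS handshake itself is left out (`presented` stands for the certificate the server would see on the channel), and every name and value here is hypothetical; requires .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class CertLoginSketch
{
    // Assumption: PBKDF2-HMAC-SHA256 over username + password; the salt is stored beside the PFX.
    static string PfxPassword(string user, string password, byte[] salt) =>
        Convert.ToBase64String(Rfc2898DeriveBytes.Pbkdf2(
            Encoding.UTF8.GetBytes(user + "\n" + password), salt, 200_000, HashAlgorithmName.SHA256, 32));

    // First visit: create a self-signed certificate; only the encrypted PFX is written to disk.
    static byte[] Enroll(string user, string password, byte[] salt, out string fingerprint)
    {
        using RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=game-client", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1));
        fingerprint = cert.GetCertHashString(HashAlgorithmName.SHA256); // sent to the server once
        return cert.Export(X509ContentType.Pfx, PfxPassword(user, password, salt));
    }

    // Later login: wrong credentials derive the wrong key, so the PFX cannot be opened.
    static X509Certificate2? Unlock(byte[] pfx, string user, string password, byte[] salt)
    {
        try { return new X509Certificate2(pfx, PfxPassword(user, password, salt)); }
        catch (CryptographicException) { return null; }
    }

    // Server: the username must map to the fingerprint of the certificate used on the channel.
    static bool ServerAccepts(Dictionary<string, string> pinned, string user, X509Certificate2 presented) =>
        pinned.TryGetValue(user, out string? expected) &&
        CryptographicOperations.FixedTimeEquals(
            Convert.FromHexString(expected), presented.GetCertHash(HashAlgorithmName.SHA256));

    static void Main()
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);          // constructed sample values below
        byte[] pfx = Enroll("alice", "correct horse", salt, out string fp);
        var pinned = new Dictionary<string, string> { ["alice"] = fp };

        using var good = Unlock(pfx, "alice", "correct horse", salt);
        Console.WriteLine("valid login accepted: " + (good != null && ServerAccepts(pinned, "alice", good)));
        Console.WriteLine("wrong password opens PFX: " + (Unlock(pfx, "alice", "guess", salt) != null));

        // Reinstall case from the answer: a fresh certificate under the same username is refused.
        using var fresh = Unlock(Enroll("alice", "correct horse", salt, out _), "alice", "correct horse", salt);
        Console.WriteLine("new certificate accepted: " + ServerAccepts(pinned, "alice", fresh!));
    }
}
```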