Jump to content

  • Log In with Google      Sign In   
  • Create Account

Banner advertising on our site currently available from just $5!


1. Learn about the promo. 2. Sign up for GDNet+. 3. Set up your advert!


DvDmanDT

Member Since 10 Dec 2004
Offline Last Active Today, 06:56 AM

Posts I've Made

In Topic: Reliable UDP messages

18 February 2015 - 02:17 PM

I'm mostly familiar with Lidgren which is pretty much the one true networking library for .NET. It uses multiple "channels" where some channels are unreliable, others are ordered but may have packets dropped, others are reliable and ordered.

 

It will only resend those that are reliable. The unreliable option allows packets to be received out of order with some packets dropped etc. You can mix and match channels as you see fit for your various data types.


In Topic: how to know most hack possiblities and find best way to handle them

15 February 2015 - 02:46 PM

 

thank you for answering to me. i have read the code before but need information how it works. as i saw the code, there is no code for encrypting. is the encryption process automatic? does it work like rsa?  what does X509Certificate do? is this for being sure that data is from valid client and... ? ill be gratefull for more information about what you know about ssl.

 

 

 

Yes, the actual data encryption is automatic. It uses RSA and (probably) AES internally.

 

SSL does two things. The most obvious thing is that it encrypts data, but it also has mechanisms to verify peers. For example, when you connect to your bank, you want to make sure not only that the communications are encrypted, but you also want to be sure that it really is your bank that you are talking to. Such verification can be performed using an asymmetric encryption algorithm (such as RSA) and a certificate chain. The whole process is a bit to complex for me to write here, but the point is that some authority who everyone trusts can issue a non-fakeable (in theory at least) certificate to someone which can then be verified by others. The certificate contains the public encryption key to be used when communicating with that entity. The most common format of these certificates is X.509.

 

You can create a self-signed certificate with your own keys. This is typically used for testing or when you only need encryption.

 

The reason for using a trusted certificate system is that it prevents man-in-the-middle attacks where a your client unknowingly connects to a hacker who decrypts the data, reads it, re-encrypts it and passes it on to you. That can also happen with a self-signed certificate unless it's shipped with the client.

 

Correctly doing encryption is hard. smile.png You should probably read up on it on wikipedia or similar.

 

EDIT:

Certificates are most commonly used to verify servers, but they can also be used to verify clients. That could be used for white-listing for example. I'm not sure I've ever seen anything that actually uses client certificates however.


In Topic: how to know most hack possiblities and find best way to handle them

15 February 2015 - 10:24 AM

RSA is super slow and is typically only used for handshaking and symmetric key exchange, then a symmetric algorithm such as AES is used. This is what SSL does. SSL is used by tons of things, secure web, secure FTP, SSH, current mail protocols, and so on. 
 
If you use a TCP connection and can keep it open, the SSL overhead will probably be fine. It's mostly the handshake that's the problem. Unless you are like an MMO, but then you'll probably need reverse proxies and load balancing anyway. SSL is probably going to be the fastest encryption solution you can find. Doing it yourself will either be less secure or slower.
 
Check out the System.Net.Security.SslStream.


In Topic: how to know most hack possiblities and find best way to handle them

14 February 2015 - 09:22 PM

Encrypting traffic can make it more difficult to sniff/intercept the communication and stealing other peoples account data and it can potentially also prevent varous forms of cheating such as knowing stuff only the server and that particular client should know. It does not prevent a hacker from sending anything he wants from his own computer, but it can prevent him from impersonating another client.

 

So yeah, encryption is awesome and can bring alot of benefits, especially for the non-hacking players, but it does not mean you can trust whatever is received just because it was received over an encrypted channel.


In Topic: My Very First RTS Game 8 player.

14 February 2015 - 02:02 AM

Link didn't work for me.


PARTNERS