.
encryption for my online game - where to start?
Of course none of that can get rid of the fact that the client computer has to store the key to decrypt the packets so you have access to that anyway...well, changing the encryption algo could help, unless they just call the decryption routine from your own code .
.
As SenseiDragon said, you want to get rid of casual [cr|h]ackers, the real ones you won't fool, only provocate. For the former task, all you really need is a simple XOR algorithms and the kiddies won't have a clue.
A simple and pretty solid scheme could be like this:
- Server sends a random "session string" (argh, what are they called?)
- The client encrypts the "session string" with its unique reg key (or similar).
- The encryption key (= "session string" + reg key) is then used throughout the session for encryption of the traffic.
As for encryption technique to employ? Whatever. Adding, XORing, it won't really matter unless you're going to make banking transactions. Only professionals will be able to decrypt it.
EDIT: Just a note. The encryption key shall be what I think is called a "digest key", so you can't use it together with the "session string" to extract the reg key (which should never leave the client). And of course, the client needs to identify itself somehow before the transaction described above, so the server can know what reg key to use itself.
---------------------------------------------
"VB is a disease"
[edited by - CWizard on October 27, 2002 7:53:42 PM]
A simple and pretty solid scheme could be like this:
- Server sends a random "session string" (argh, what are they called?)
- The client encrypts the "session string" with its unique reg key (or similar).
- The encryption key (= "session string" + reg key) is then used throughout the session for encryption of the traffic.
As for encryption technique to employ? Whatever. Adding, XORing, it won't really matter unless you're going to make banking transactions. Only professionals will be able to decrypt it.
EDIT: Just a note. The encryption key shall be what I think is called a "digest key", so you can't use it together with the "session string" to extract the reg key (which should never leave the client). And of course, the client needs to identify itself somehow before the transaction described above, so the server can know what reg key to use itself.
---------------------------------------------
"VB is a disease"
[edited by - CWizard on October 27, 2002 7:53:42 PM]
the book Game Programming Gems has a nice chapter on network coms encryption for games, found it a very intresting read and they covered the topic very well 
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
