encryption for my online game - where to start?

11 comments, last by tls284 21 years, 5 months ago
Hi everyone, Does anyone know where to find information on implementing encryption in an online RPG? I've finished writing the client game engine and I'm starting to work on my server and network code, but I'm relatively clueless with regards to encrypting this stuff. Any pointers are appreciated! Ty
http://www.faqs.org/faqs/cryptography-faq/part01/
http://www.openssl.org
http://vig.prenhall.com/catalog/academic/product/1,4096,0130914290,00.html

kdIXfA.gamedev.10.coreyh@xoxy.net
www.ipeg.com/~rlfc
What do you need encryption for?

I can see the use if you want to encrypt passwords when you send them to the server, but other than that I don't see how it adds security to an online game.

If you think it will allow you to trust data from the client, you're mistaken, since it is just as easy to alter data sent before you encrypt it, by hacking the client application.
I'm putting it in mainly because it's a good project for some Computer Science research that I have to do for college. Research, write a report, implement - yadda yadda

P.S. - Thanks Coreyh!

Ty
I think that if you use public key cryptography and digital signatures it would be possible to have players have a verifiable identity. Cheating would be connected to a person. A person would be blocked instead of an IP address.

It would take some work to set up though. The amount of CPU time taken up by checksumming and cryptography would also be big.

It's just a theory though. I haven't tested it yet.

kdIXfA.gamedev.10.coreyh@xoxy.net
www.ipeg.com/~rlfc

[edited by - coreyh on October 17, 2002 4:13:04 PM]
Check out: Applied Cryptography: Protocols, Algorithms and Source Code in C

We are the music makers and we are the dreamers of the dreams. - Wonka
Asking Smart Questions | BookPool
quote:Original post by Xiol
What do you need encryption for?

I can see the use if you want to encrypt passwords when you send them to the server, but other than that I don't see how it adds security to an online game.

If you think it will allow you to trust data from the client, you're mistaken, since it is just as easy to alter data sent before you encrypt it, by hacking the client application.


Well, Half-Life (and Counter-Strike) uses Blowfish encryption on its packets, and it's worked fine so far. Half-Life had (and still has) its fair share of cheats, but none of them operate by sending / deciphering packets. If the communication protocol was discovered, there would be a huge disaster.
quote:Original post by FearedPixel


Well, Half-Life (and Counter-Strike) uses Blowfish encryption on its packets, and it's worked fine so far. Half-Life had (and still has) its fair share of cheats, but none of them operate by sending / deciphering packets. If the communication protocol was discovered, there would be a huge disaster.


Why's that? People can and do hack the client already. Adding in bogus network packets wouldn't add any additional capabilities to that.
quote:Original post by Anonymous Poster
Why's that? People can and do hack the client already...


If you rely on encryption so that you may 'trust the client', then obviously you're encrypting for the wrong reason -- one should never trust the client, and I think most of us here agree on that point.

But that doesn't mean that encrypting the packet stream is useless, or in any way foolish. It keeps the casual hackers out of your face right from the start, and the more determined hackers are going to be hacking your client anyway, whether or not you had encryption in it.

Keeping out the casual hacker isn't a bad thing.

Think of it this way. A determined snoop will rip open your envelopes and read your mail. Does that make envelopes stupid?
Sure, it's not a great analogy to encrypting packets, but encrypting the data is akin to wrapping it in an envelope. The casual browser can't read it.
"We are born naked, wet, and hungry. Then things get worse."
I don't know if I'm actually on the right track here... well, this is my version of the problems/solutions.

Even if the data stream between a game server<->client was encrypted, it doesn't matter; one can easily hack into the application and remove the encrypt function (with a little knowledge of ASM). It can be done both at run-time and in the exec.
Another problem with encryption in games is also the time it takes to compute the encryption for packets; a strong algorithm could lower the framerate and make the server slow :/

A way to solve these problems could be to have the same encrypt function placed in several different places in the exec, then switch between the functions at runtime by using function pointers. Of course, dynamic memory could be used to solve this problem as well.
One could also change/update the encrypt algo once a week or so.
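
The "never trust the client" point argued in this thread, as an added example that is not part of any original post: a server that authenticates each move packet and still checks the move against game rules. HMAC-SHA256 stands in here for the protected packet stream, and the packet layout, the `MAX_SPEED` rule and all names are assumptions made for the illustration.

```python
import hashlib
import hmac
import math
import struct

MAX_SPEED = 5.0     # assumed game rule: max distance a player may move per tick
MOVE_FMT = "!Iff"   # assumed layout: sequence number, x, y
TAG_LEN = 32        # HMAC-SHA256 tag size


def seal(key: bytes, seq: int, x: float, y: float) -> bytes:
    """Client side: pack a move and append an HMAC tag over it."""
    body = struct.pack(MOVE_FMT, seq, x, y)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Session:
    """Server-side state for one connected player."""

    def __init__(self, key: bytes):
        self.key, self.x, self.y, self.last_seq = key, 0.0, 0.0, 0

    def handle_move(self, packet: bytes) -> str:
        if len(packet) != struct.calcsize(MOVE_FMT) + TAG_LEN:
            return "reject: malformed"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"        # altered on the wire, or wrong key
        seq, x, y = struct.unpack(MOVE_FMT, body)
        if seq <= self.last_seq:
            return "reject: replay"         # a captured packet sent again
        self.last_seq = seq
        # The tag only proves the sender holds the session key. A modified
        # client holds it too, so the move itself is checked against the rules.
        if not (math.isfinite(x) and math.isfinite(y)):
            return "reject: illegal move"
        if math.hypot(x - self.x, y - self.y) > MAX_SPEED:
            return "reject: illegal move"
        self.x, self.y = x, y
        return "accept"


if __name__ == "__main__":
    key = b"k" * 32                          # constructed session key
    server = Session(key)
    print(server.handle_move(seal(key, 1, 3.0, 4.0)))      # honest move
    print(server.handle_move(seal(key, 2, 500.0, 500.0)))  # valid tag, teleport
```

The second packet carries a correct tag and is refused only by the rule check, which is the part that cannot be delegated to the cryptography.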
