Hello, can you advise me some good-enought encryption algorithms to secure my UDP comunication for MMORPG? I don''t want to go deep to encryption problems, I just want to implent some security into my code. Thx

Im quite sure encryption of communication packets are waste of time, because if some one wants to crack your algorithm it will happens, that is sad but true.

Not sure but some public key secure key method could work...

A

Yes, public/private keys that's what I had on my mind, but do you know some tutorials on how to program it?
Thx

[edited by - osh on December 27, 2003 1:24:01 PM]

I belive he is talking about SSL or something similar.

As for encryption being worthless, it can be. I think that altering the encryption methods often can make it really annoying to crack

Look at some of the major software/games out there. KaZaa has changing encryption, it was duplicated once, then FastTrack (it''s protocol) changed encryption and they dropped the project because they worked for months, only to get shafted.

Warcraft3''s encryption I belive is running somewhat strong, it is only implemented in Ladder games and CD-Key related things.

Diablo II''s encryption stood for a while, if it was to change I know the D2 hacking community would get very angry, because it was hard enough to pin down the first time.

There are tons of other games that proove encryption takes time to hack, using time against the people hacking it is the key, not improving encrpyion mothods.

Can you explain me, what exactly I have to do? You suggest me to change encryption key(say once a month or so...), but what exactly I have to encrypt?

quote:Original post by osh
Can you explain me, what exactly I have to do? You suggest me to change encryption key(say once a month or so...), but what exactly I have to encrypt?

That depends on who should not see the data. This can become a moot point as soon as some player uses a debugegr or something to access his data before encryption.

But let''s assume you want to encrypt the package payload. Let''s say you have the client data d at some point. Now you encrypt this data to the servers public key ks using the encryption function e and send the generated data e(d,ks) to the server which can decrypt it using its private key.

The fun part is keeping an encryption scheme for the other way (server->client). If you want to go all-out, every client gets its own private key, which can be impractical for so many reasons. After that, it''s just the same.

AFAIK, there''s a way to use SSL for datagram connections, so you might want to look at that.

The downside is that de/encryption are relatively slow operations that could bog the server when it''s got to perform that operation on a lot of small packages. It might also lead to more data being sent.

The main weakness is that any somewhat competent hacker can just use a debugger to mangle the data before it goes through encryption as soon as (s)he finds the buffer in memory.

just shift the characters so a =b, b= c, etc

no ones going bother working it out

quote:Original post by osh
Yes, public/private keys that''s what I had on my mind, but do you know some tutorials on how to program it?
Thx

[edited by - osh on December 27, 2003 1:24:01 PM]

Use standard and proven library. IIRC Java has very nice support for public/private key.

Judging from your OP you need just some kind of has function to prevent most obvious damage.