Uniqly identifying a user?

Luctus · 2004-03-03T10:41:01

I''ve been thinking about a way of transmitting something like username/password in a safe way over the internet. What I came up with was to either: A) Implement something like OpenSSH into my application. or B) Do it by letting the user open a webpage over a secure connection (shttp) and enter user/pass in a form, then store it along with ip on the server. When the game client connects to the server shortly after, the server sees the ip and know which user that just connected. While the "right" way of doing it probably would be to implement the secure transaction in the application, I''m still curious how to do B. Obviously, storing only the ip with the user/pass won''t work since many users can have the same IP (several computers on one internet connection), is there any way of uniqly identifying a computer so this scheme would work? If there is a way, would it be practical doing it this way? -Luctus Statisticly seen, most things happens to other people. [Mail]

Networking and Multiplayer Programming

Started by Luctus February 29, 2004 08:02 PM

12 comments, last by Luctus 20 years, 1 month ago

QBRADQ

122

March 02, 2004 11:42 PM

Could you not just implement your own breed of encryption? It doesn''t take that long to code a simple 128-bit public key encryption system, and if done right, has the following advantanges:

1) Takes a server farm or large super computer to crack with any speed.
2) Comsumes very few server / client resources if only used for logins.
3) Can be scaled down to 32 - 56 bit encryption for game data if desired.

Tell him about the twinky...

Tell him about the twinky...

Evil Steve

2,021

March 03, 2004 04:45 AM

You could implement an MD5 algorithm (theres several floating about on the net). It''ll only be one function, which will encrypt your password. Then the client can send the encrypted password to the server. Unless you need to be able to check the password at the server end (with MD5, you can just check 2 hashes to see if they match)

Polydone

468

March 03, 2004 08:02 AM

The last one wouldn''t work - Yes the password will be hidden from a snooper, but the snooper wouldn''t need it anyway, since he can just use the same md5 himself to log in as the user.

***
For Java games and Java related resources, go to http://www.javaengines.dk
***

Developer journal: Multiplayer RPG dev diary

Megahertz

286

March 03, 2004 10:41 AM

Use Rot-26! It''s twice as strong as Rot-13!!

Prolly the best thing to do would be to use a Public Key Cryptography algo like RSA.

- Client tells the server I wanna send you something sekret!
- Server generates a public and private key and sends the public key to the client.
- Client uses public key to encrypt the username/pw and sends it to the server
- Server decrypts username/pw with private key.
- Server sends response.

-=[ Megahertz ]=-

-=[Megahertz]=-

Uniqly identifying a user?

This topic is closed to new replies.

Popular Topics

Recommended Tutorials

Uniqly identifying a user?

This topic is closed to new replies.

Popular Topics

Recommended Tutorials

Reticulating splines