retroworld

Open Source and Encryption??

retroworld    165
I am wondering, is there a point in encryption for an open source client for a multiplayer game with a server?

What I mean is, the server is closed-source and the client is open source. The way they're communicating, they're using an encrypted protocol. Would there be a point in this, because the client is open source, so the "hacker" would be able to break into the protocol and encryption much easier?

So is there any point in using encryption on data?

jpetrie    13106
If your encryption is relying on the communication stream and mechanism being secure and closed, you're not doing a very good job of it. You can implement properly secure encryption in open source software.

The bigger question, though, is whether or not you really need to encrypt the traffic at all. Obviously there are some things you should not be sending in plaintext over the wire -- sensitive personal data for example. But the bread-and-butter of your game's network stream, stuff like "hey we're moving to location foobar now..." you may not need to bother with that.

retroworld    165
So what do you suggest for personal data such as passwords etc?

Also is encryption needed because the programmer doesn't trust the user or doesn't trust other random people trying to get the user's info?

A good encryption assumes that an attacker knows everything, and it still has to work -- so open-source is not an issue.

Encryption in combination with proper key exchange and/or authentication algorithms (this is important!) can thwart a good number of attacks (including, but not limited to, replay attacks, inserting random commands, and password sniffing), regardless of whether an attacker has access to the source.

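The authentication and replay protection mentioned in the reply above, as an added example that is not part of the original thread: every line of this code can be public, and the server still rejects replayed, modified and forged packets because only the key is secret. The names `seal` and `Server`, the packet layout (64-bit sequence number, command, HMAC-SHA256 tag) and the sample commands are assumptions, and the random key stands in for a per-session key from a real key exchange; the sketch authenticates but does not encrypt, so confidentiality still needs something like TLS.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes

def seal(key: bytes, seq: int, command: bytes) -> bytes:
    """Client side: prefix a 64-bit sequence number, append an HMAC tag."""
    body = struct.pack(">Q", seq) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Server:
    """Server side: accept a packet only if its tag verifies and seq is new."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0

    def receive(self, packet: bytes):
        if len(packet) < 8 + TAG_LEN:
            return None                      # too short to be valid
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # modified, or made without the key
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:
            return None                      # replay of an earlier packet
        self.last_seq = seq
        return body[8:]

def demo() -> dict:
    key = os.urandom(32)                     # constructed session key
    server = Server(key)
    first = seal(key, 1, b"MOVE 10 20")      # constructed sample command
    results = {"genuine": server.receive(first),
               "replayed": server.receive(first)}
    # An on-path attacker rewrites the command but cannot recompute the tag.
    tampered = bytearray(seal(key, 2, b"MOVE 11 20"))
    tampered[8:12] = b"GIVE"
    results["tampered"] = server.receive(bytes(tampered))
    # Someone who has read the source but lacks the key signs with a guess.
    results["forged"] = server.receive(seal(os.urandom(32), 3, b"GIVE GOLD"))
    results["next"] = server.receive(seal(key, 2, b"MOVE 11 20"))
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:9} -> {outcome}")
```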
SimonForsman    7642
Quote:
Original post by retroworld
So what do you suggest for personal data such as passwords etc?

Also is encryption needed because the programmer doesn't trust the user or doesn't trust other random people trying to get the user's info?


Encryption is needed to protect the user; the user will always have access to the unencrypted data anyway (anything sent or received by the client will be unencrypted in the client's memory at some point).

Thus you use an authoritative server to prevent cheating, and encryption to prevent third parties from collecting sensitive information about your users (username/password or other authentication strings (CD keys etc.) should always be encrypted).

The easiest way is to just use SSL/TLS; OpenSSL is both free and good.
