Open Source and Encryption??

Started by
2 comments, last by SimonForsman 13 years, 4 months ago
I am wondering, is there a point in encryption for an open source client for a multiplayer game with a server?

What I mean is, the server is closed-source and the client is open source. The way they're communicating, they're using an encrypted protocol. Would there be a point in this, because the client is open source so the "hacker" would be able to break into the protocol and encryption much easier?

So is there any point in using encryption on data?

If your encryption is relying on the communication stream and mechanism being secure and closed, you're not doing a very good job of it. You can implement properly secure encryption in open source software.

The bigger question, though, is whether or not you really need to encrypt the traffic at all. Obviously there are some things you should not be sending in plaintext over the wire -- sensitive personal data for example. But the bread-and-butter of your game's network stream, stuff like "hey we're moving to location foobar now..." you may not need to bother with that.
So what do you suggest for personal data such as passwords etc?

Also is encryption needed because the programmer doesn't trust the user or doesn't trust other random people trying to get the user's info?
A good encryption assumes that an attacker knows everything, and it still has to work -- so open-source is not an issue.

Encryption in combination with proper key exchange and/or authentication algorithms (this is important!) can thwart a good number of attacks (including, but not limited to replay attacks, inserting random commands, and password sniffing), regardless of whether an attacker has access to the source.
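
The reply above, as an added example that is not part of the original thread or of any project's code: the packet format and checking code are fully public, and the receiver still rejects replayed, altered and forged commands because only the session key is secret. The names `seal`, `Receiver` and `demo` and the packet layout are hypothetical, the key is a constructed random value standing in for the result of a key exchange, and the sketch covers authentication and replay protection only, not confidentiality.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # HMAC-SHA256 output size

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build seq || payload || HMAC-SHA256(key, seq || payload)."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def open(self, packet: bytes) -> bytes:
        """Return the payload; raise ValueError if forged, altered or replayed."""
        if len(packet) < 8 + TAG_LEN:
            raise ValueError("truncated packet")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError("bad tag")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:  # valid tag but old counter: a replay
            raise ValueError("replayed packet")
        self.last_seq = seq
        return body[8:]

def demo() -> list:
    key = secrets.token_bytes(32)  # constructed; stands in for a key-exchange result
    rx = Receiver(key)
    first = seal(key, 1, b"MOVE 10 20")
    results = [rx.open(first).decode()]
    attempts = {"replay": first,
                "tampered": first[:8] + b"MOVE 99 99" + first[-TAG_LEN:],
                "forged": seal(secrets.token_bytes(32), 2, b"GIVE GOLD")}
    for name, packet in attempts.items():
        try:
            rx.open(packet)
            results.append(f"{name}: accepted")
        except ValueError as err:
            results.append(f"{name}: {err}")
    return results

if __name__ == "__main__":
    print(demo())
```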
Quote: Original post by retroworld
So what do you suggest for personal data such as passwords etc?

Also is encryption needed because the programmer doesn't trust the user or doesn't trust other random people trying to get the user's info?


Encryption is needed to protect the user; the user will always have access to the unencrypted data anyway (anything sent or received by the client will be unencrypted in the client's memory at some point).

Thus you use an authoritative server to prevent cheating and encryption to prevent third parties from collecting sensitive information about your users (username/password or other authentication strings (CD keys etc.) should always be encrypted).

The easiest way is to just use SSL/TLS; OpenSSL is both free and good.
I don't suffer from insanity, I'm enjoying every minute of it.
The voices in my head may not be real, but they have some good ideas!

This topic is closed to new replies.