• Advertisement
Sign in to follow this  

crypto++ question

This topic is 1577 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Advertisement

It can be used on any data.

 

Note that encryption is just a limited armored transport service. It only helps protect against tampering between the time it is encrypted and the time it is decrypted. That is all.

 

It does not protect you against any other attacks. It won't help protect the data once it is decoded, such as monitoring the memory of your application, modifying values inside a running program, protecting the communications protocol itself, or preventing attackers from establishing their own secure connections. Since all data must be deciphered to be used, you must assume that an attacker who has access to the machine also has full access to all the data.

Share this post


Link to post
Share on other sites

is this the best one to use?,thanks for the smart reply btw

 

Best is subjective. Only you know your requirements, Only you know if you have requirements about trusting (or distrusting) any specific library. 

 

It is functional and has developed a community around it. Is it better or worse than any other product? That depends on you and your needs.

Share this post


Link to post
Share on other sites

Thats the problem , i am not sure what exactly this library is used for,all i know that you can encode/crypt strings, i am not sure if you can do it for varibles?

Share this post


Link to post
Share on other sites


Thats the problem , i am not sure what exactly this library is used for,all i know that you can encode/crypt strings, i am not sure if you can do it for varibles?

It can compute hashes, checksums, MACs, PRNs, ... and is by no way restricted to strings. Instead, it works on streams of bytes. And because any data can be seen as stream of bytes, the library can work on any data (not even plain but also structured data).

Share this post


Link to post
Share on other sites

What do you wish to encrypt? The library can encrypt anything you want, but it is not always worth to encrypt normal game data, unless you want to delay the discovery of your protocol (which will happen if your game get enough attention).

 

IMO encrypt the login information and private chats and you should be fine.

 

I would recommend that you take your time and have at least a good idea of how algorithms work and what you should save because some are not as intuitive as they may seem (specially public key encryption and hash + salt password saving).

Edited by KnolanCross

Share this post


Link to post
Share on other sites

I also recommend *not* using the library in a serious project if you don't know how to use it. Cryptography is difficult to get right, and even if you do know what you are doing you should still use existing frameworks and protocols to achieve whatever security property you are looking for (e.g. use SSL/TLS bindings, a validated SRP implementation, and so on) instead of rolling your own. The problem is that it's very easy to think you've got it right when in reality all you've got is a gaping hole that you can't even see. I know it's tempting to just go ahead and hack away at code until it looks like it's working, but most crypto tutorials you will find on the net are utter crap and with the wealth of easily accessible knowledge and vetted implementations there is really no excuse for doing this yourself, failing, and getting your ass kicked shortly after by the PR backlash.

 

And, yes, encryption does not care about the underlying structure or semantics of the data. It works on any kind of information, in any encoding.

Edited by Bacterius

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement